Alpine: multiple xen packages: security update to 4.7.1-r1 (deprecated)

low Tenable Cloud Security Plugin ID 400951

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an
asynchronous abort. (CVE-2016-9815)

- Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors
involving an asynchronous abort while at EL2. (CVE-2016-9816)

- Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors
involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set. (CVE-2016-9817)

- Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors
involving an asynchronous abort while at HYP. (CVE-2016-9818)

- CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain
sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.
(CVE-2016-9932)

See Also

https://git.alpinelinux.org/aports/commit/?id=3b5fa3b170637b8149c63d415d3a42c638b8b71a

https://git.alpinelinux.org/aports/commit/?id=cf24cc64fbe2e718b0bee91cc486ca9071a87ddf

Plugin Details

Severity: Low

ID: 400951

Version: Revision 1.23

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3.3

Percentile: 50.87

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2016-9932

CVSS v3

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 12/20/2016

Vulnerability Publication Date: 11/29/2016

Reference Information

CVE: CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818, CVE-2016-9932

BID: 94581, 94863

IAVA: 2017-A-0012-S

IAVB: 2016-B-0190-S