Alpine: multiple xen packages: security update to 4.7.1-r0 (deprecated)

high Tenable Cloud Security Plugin ID 400980

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and
consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary
code on the host by leveraging broken emulation of bit test instructions. (CVE-2016-9383)

- Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate
software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by
leveraging IDT entry miscalculation. (CVE-2016-9377)

- Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate
software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by
leveraging an incorrect choice for software interrupt delivery. (CVE-2016-9378)

- The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-
using guest OS administrators to read or delete arbitrary files on the host via string quotes and
S-expressions in the bootloader configuration file. (CVE-2016-9379)

- The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local
pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the
bootloader configuration file. (CVE-2016-9380)

See Also

https://git.alpinelinux.org/aports/commit/?id=64afb5ab10d6bdced5921588f38124df06eb3783

https://git.alpinelinux.org/aports/commit/?id=9a2f0cb09a04c388d44a68a62311b3e04c0550c8

Plugin Details

Severity: High

ID: 400980

Version: Revision 1.41

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 5

Percentile: 95.11

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-9383

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 11/25/2016

Vulnerability Publication Date: 11/22/2016

Reference Information

CVE: CVE-2016-9377, CVE-2016-9378, CVE-2016-9379, CVE-2016-9380, CVE-2016-9381, CVE-2016-9382, CVE-2016-9383, CVE-2016-9384, CVE-2016-9385, CVE-2016-9386

BID: 94468, 94470, 94471, 94472, 94473, 94474, 94475, 94476

IAVA: 2016-A-0328-S

IAVB: 2016-B-0177-S