This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
The Xen Project reports :
The compiler can emit optimizations in qemu which can lead to double
fetch vulnerabilities. Specifically data on the rings shared between
qemu and the hypervisor (which the guest under control can obtain
mappings of) can be fetched twice (during which time the guest can
alter the contents) possibly leading to arbitrary code execution in
Malicious administrators can exploit this vulnerability to take over
the qemu process, elevating its privilege to that of the qemu process.
In a system not using a device model stub domain (or other techniques
for deprivileging qemu), malicious guest administrators can thus
elevate their privilege to that of the host.
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 6.9