CVE-2016-4480

CWE-2647 documents7 sources

Severity

8.4HIGH

EPSS

0.4%

top 39.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN XEN Oracle VM Server

Timeline

PublishedMay 18

Latest updateMay 17

Description

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages3 packages

▶Debianxen< 4.8.0~rc3-1+3

▶NVDxen/xen4.6.1

▶NVDoracle/vm_server3.2, 3.3, 3.4+2

🔴Vulnerability Details

GHSA

GHSA-mrv5-xm7c-h532: The guest_walk_tables function in arch/x86/mm/guest_walk↗2022-05-17

▶

OSV

CVE-2016-4480: The guest_walk_tables function in arch/x86/mm/guest_walk↗2016-05-18

▶

CVEList

CVE-2016-4480: The guest_walk_tables function in arch/x86/mm/guest_walk↗2016-05-18

▶

📋Vendor Advisories

Red Hat

xen: x86 software guest page walk PS bit handling flaw (XSA-176)↗2016-05-17

▶

Debian

CVE-2016-4480: xen - The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earl...↗2016

▶

💬Community

Bugzilla

CVE-2016-4480 xsa176 xen: x86 software guest page walk PS bit handling flaw (XSA-176)↗2016-05-03

▶