CVE-2016-4962

CWE-264 | 8 documents | 7 sources

Severity: 6.7 MEDIUM
EPSS: 0.1% (top 74.76%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jun 7
Latest update: May 17

Description

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (Exploitability: 0.8 | Impact: 5.9)

Affected Packages (3 packages)

Debian: xen < 4.8.0~rc3-1 (+3)
NVD: xen/xen, 16 versions (+15)
NVD: oracle/vm_server 3.3, 3.4 (+1)

Vulnerability Details (3)

GHSA
GHSA-42rm-gcmp-3557: The libxl device-handling in Xen 4... (2022-05-17)
CVEList
CVE-2016-4962: The libxl device-handling in Xen 4... (2016-06-07)
OSV
CVE-2016-4962: The libxl device-handling in Xen 4... (2016-06-07)

Vendor Advisories (2)

Red Hat
xen: Unsanitised guest input in libxl device handling code (XSA-175) (2016-06-02)
Debian
CVE-2016-4962: xen - The libxl device-handling in Xen 4.6.x and earlier allows local OS guest adminis... (2016)

Community (2)

Bugzilla
CVE-2016-4962 xsa175 xen: Unsanitised guest input in libxl device handling code (XSA-175) [fedora-all] (2016-06-02)
Bugzilla
CVE-2016-4962 xsa175 xen: Unsanitised guest input in libxl device handling code (XSA-175) (2016-05-12)