CVE-2016-7092 — XEN vulnerability

CWE-2647 documents6 sources

Severity

8.2HIGHNVD

EPSS

0.1%

top 77.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedSep 21

Latest updateMay 17

Description

The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages2 packages

▶debiandebian/xen< xen 4.8.0~rc3-1 (bookworm)

▶Debianxen/xen< 4.8.0~rc3-1+3

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-9wwx-4vrv-gxfw: The get_page_from_l3e function in arch/x86/mm↗2022-05-17

▶

OSV

CVE-2016-7092: The get_page_from_l3e function in arch/x86/mm↗2016-09-21

▶

📋Vendor Advisories

Red Hat

xen: x86: Disallow L3 recursive pagetable for 32-bit PV guests↗2016-09-08

▶

Debian

CVE-2016-7092: xen - The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV gu...↗2016

▶

💬Community

Bugzilla

CVE-2016-7092 xen: x86: Disallow L3 recursive pagetable for 32-bit PV guests [fedora-all]↗2016-09-08

▶

Bugzilla

CVE-2016-7092 xen: x86: Disallow L3 recursive pagetable for 32-bit PV guests↗2016-08-26

▶