CVE-2016-7093 — XEN vulnerability

CWE-2647 documents6 sources

Severity

8.2HIGHNVD

EPSS

0.1%

top 81.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedSep 21

Latest updateMay 17

Description

Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages3 packages

▶Alpinexen/xen< 4.7.0-r1+19

▶NVDxen/xen4.5.3, 4.6.3, 4.7.0+2

▶debiandebian/xen

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-f8fq-24rx-53q7: Xen 4↗2022-05-17

▶

OSV

CVE-2016-7093: Xen 4↗2016-09-21

▶

📋Vendor Advisories

Red Hat

xen: x86: Mishandling of instruction pointer truncation during emulation↗2016-09-08

▶

Debian

CVE-2016-7093: xen - Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite...↗2016

▶

💬Community

Bugzilla

CVE-2016-7093 xen: x86: Mishandling of instruction pointer truncation during emulation [fedora-all]↗2016-09-08

▶

Bugzilla

CVE-2016-7093 xen: x86: Mishandling of instruction pointer truncation during emulation↗2016-08-26

▶