CVE-2016-9381 — Race Condition in Qemu

CWE-362 — Race Condition10 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 71.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Qemu Citrix Xenserver

Timeline

PublishedJan 23

Latest updateMay 13

Description

Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages3 packages

▶NVDqemu/qemu2.7.1+1

▶Debianxen/xen< 4.4.0-1+3

▶NVDcitrix/xenserver4 versions+3

🔴Vulnerability Details

GHSA

GHSA-fg67-6qhp-f8mj: Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double↗2022-05-13

▶

OSV

CVE-2016-9381: Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double↗2017-01-23

▶

CVEList

CVE-2016-9381: Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double↗2017-01-23

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2017-04-20

▶

Red Hat

xen: qemu incautious about shared ring processing (XSA-197)↗2016-11-22

▶

Debian

CVE-2016-9381: xen - Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to ga...↗2016

▶

💬Community

Bugzilla

CVE-2016-9381 qemu: xsa197 xen: qemu incautious about shared ring processing (XSA-197) [fedora-all]↗2016-11-22

▶

Bugzilla

CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9384 CVE-2016-9385 CVE-2016-9386 xen: various flaws [fedora-all]↗2016-11-22

▶

Bugzilla

CVE-2016-9381 xsa197 xen: qemu incautious about shared ring processing (XSA-197)↗2016-11-08

▶