CVE-2016-9381: Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch"…

high7.5CVSS 3.1

AVLACHPRHUINSCCHIHAH

Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.

Affected

20 ranges

Vendor	Product	Version range	Fixed in
citrix	citrix_adm	—	—
citrix	citrix_hypervisor	—	—
citrix	citrix_virtual_apps_and_desktops	—	—
citrix	endpoint_management	—	—
citrix	netscaler_adc	—	—
citrix	netscaler_gateway	—	—
citrix	xenserver	—	—
citrix	xenserver	—	—
citrix	xenserver	—	—
citrix	xenserver	—	—
citrix	xenserver	—	—
debian	xen	< xen 4.4.0-1 (bookworm)	xen 4.4.0-1 (bookworm)
qemu	qemu	<= 2.7.1	—
qemu	qemu	—	—
qemu	qemu	>= 0 < 2.0.0+dfsg-2ubuntu1.33	2.0.0+dfsg-2ubuntu1.33
qemu	qemu	>= 0 < 1:2.5+dfsg-5ubuntu10.11	1:2.5+dfsg-5ubuntu10.11
xen	xen	>= 0 < 4.4.0-1	4.4.0-1
xen	xen	>= 0 < 4.4.0-1	4.4.0-1
xen	xen	>= 0 < 4.4.0-1	4.4.0-1
xen	xen	>= 0 < 4.4.0-1	4.4.0-1

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

osv7.5HIGH