CVE-2016-9383Improper Input Validation in Citrix Xenserver

CWE-20Improper Input Validation8 documents7 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 66.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
XENCitrix Xenserver
Timeline
PublishedJan 23
Latest updateMay 17

Description

Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

Debianxen/xen< 4.8.0-1+3
NVDcitrix/xenserver4 versions+3

Patches

Patch: xenbits.xen.orgPatch: support.citrix.comPatch: xenbits.xen.org

🔴Vulnerability Details

3
GHSA
GHSA-qw22-r72h-rf56: Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, ca2022-05-17
OSV
CVE-2016-9383: Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, ca2017-01-23
CVEList
CVE-2016-9383: Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, ca2017-01-23

📋Vendor Advisories

2
Red Hat
xen: x86 64-bit bit test instruction emulation broken (XSA-195)2016-11-22
Debian
CVE-2016-9383: xen - Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to mod...2016

💬Community

2
Bugzilla
CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9384 CVE-2016-9385 CVE-2016-9386 xen: various flaws [fedora-all]2016-11-22
Bugzilla
CVE-2016-9383 xsa195 xen: x86 64-bit bit test instruction emulation broken (XSA-195)2016-11-08
CVE-2016-9383 — Improper Input Validation in Citrix | cvebase