CVE-2016-9384 — Sensitive Information Exposure in XEN

CWE-200 — Sensitive Information Exposure7 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 76.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedFeb 22

Latest updateMay 17

Description

Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.8.0-1 (bookworm)

▶Debianxen/xen< 4.8.0-1+3

▶NVDxen/xen4.7.0, 4.7.1+1

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-6v73-prr5-x35g: Xen 4↗2022-05-17

▶

OSV

CVE-2016-9384: Xen 4↗2017-02-22

▶

📋Vendor Advisories

Red Hat

xen: guest 32-bit ELF symbol table load leaking host data (XSA-194)↗2016-11-22

▶

Debian

CVE-2016-9384: xen - Xen 4.7 allows local guest OS users to obtain sensitive host information by load...↗2016

▶

💬Community

Bugzilla

CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9384 CVE-2016-9385 CVE-2016-9386 xen: various flaws [fedora-all]↗2016-11-22

▶

Bugzilla

CVE-2016-9384 xsa194 xen: guest 32-bit ELF symbol table load leaking host data (XSA-194)↗2016-11-08

▶