CVE-2016-9386 — Citrix Xenserver vulnerability

CWE-2648 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 72.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Citrix Xenserver

Timeline

PublishedJan 23

Latest updateMay 17

Description

The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Debianxen/xen< 4.8.0-1+3

▶NVDcitrix/xenserver4 versions+3

Patches

Patch: xenbits.xen.org ↗Patch: support.citrix.com ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-5mmc-9chw-pm3p: The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain p↗2022-05-17

▶

CVEList

CVE-2016-9386: The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain p↗2017-01-23

▶

OSV

CVE-2016-9386: The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain p↗2017-01-23

▶

📋Vendor Advisories

Red Hat

xen: x86 null segments not always treated as unusable (XSA-191)↗2016-11-22

▶

Debian

CVE-2016-9386: xen - The x86 emulator in Xen does not properly treat x86 NULL segments as unusable wh...↗2016

▶

💬Community

Bugzilla

CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9384 CVE-2016-9385 CVE-2016-9386 xen: various flaws [fedora-all]↗2016-11-22

▶

Bugzilla

CVE-2016-9386 xsa191 xen: x86 null segments not always treated as unusable (XSA-191)↗2016-11-08

▶