CVE-2016-9637

CWE-264 CWE-125 — Out-of-bounds Read7 documents7 sources

Severity

7.5HIGH

EPSS

0.1%

top 75.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Xenserver

Timeline

PublishedFeb 17

Latest updateMay 14

Description

The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages2 packages

▶Debianxen< 4.4.0-1+3

▶NVDcitrix/xenserver4 versions+3

🔴Vulnerability Details

GHSA

GHSA-5m8h-4qv2-6hhp: The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administ↗2022-05-14

▶

OSV

CVE-2016-9637: The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administ↗2017-02-17

▶

CVEList

CVE-2016-9637: The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administ↗2017-02-16

▶

📋Vendor Advisories

Red Hat

Xen: qemu ioport out-of-bounds array access (XSA-199)↗2016-12-06

▶

Debian

CVE-2016-9637: qemu - The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as ...↗2016

▶

💬Community

Bugzilla

CVE-2016-9637 XSA199 Xen: qemu ioport out-of-bounds array access (XSA-199)↗2016-11-21

▶