CVE-2016-7093
Published: 21 September 2016
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.
Priority
Medium
CVSS 3 base score: 8.2
Status
| Package | Release | Status |
|---|---|---|
|
xen Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.6.0-1ubuntu4.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected)
|
|
| Binaries built from this source package are in Universe and so are supported by the community. | ||
Notes
| Author | Note |
|---|---|
| mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |