CVE-2016-7093
Publication date 21 September 2016
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.
Status
Package | Ubuntu Release | Status |
---|---|---|
xen | 16.04 LTS xenial |
Not affected
|
14.04 LTS trusty | Not in release | |
Notes
mdeslaur
hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.2 · High |
Attack vector | Local |
Attack complexity | Low |
Privileges required | High |
User interaction | None |
Scope | Changed |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |