CVE-2016-7093

Published: 21 September 2016

Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.

Priority

Medium

CVSS 3 base score: 8.2

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.6.0-1ubuntu4.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
Binaries built from this source package are in Universe and so are supported by the community.

Notes

AuthorNote
mdeslaur
hypervisor packages are in universe. For
issues in the hypervisor, add appropriate
tags to each section, ex:
Tags_xen: universe-binary

References