CVE-2016-9381

Published: 23 January 2017

Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(1:2.8+dfsg-3ubuntu2)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1:2.8+dfsg-3ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1:2.8+dfsg-3ubuntu2)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:2.5+dfsg-5ubuntu10.11)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.0.0+dfsg-2ubuntu1.33)
Patches:
Upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=b85f9dfdb156ae2a2a52f39a36e9f1f270614cd2
qemu-kvm
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

xen
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [4.4.2-0ubuntu0.14.04.9])
Binaries built from this source package are in Universe and so are supported by the community.