CVE-2016-9386

high

Description

The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.

References

https://support.citrix.com/article/CTX218775

https://security.gentoo.org/glsa/201612-56

http://xenbits.xen.org/xsa/advisory-191.html

http://www.securitytracker.com/id/1037340

http://www.securityfocus.com/bid/94471

Details

Source: Mitre, NVD

Published: 2017-01-23

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High