CVE-2016-7093

Sažetak

Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.

Reference

http://support.citrix.com/article/CTX216071
http://www.securityfocus.com/bid/92865
http://www.securitytracker.com/id/1036752
http://xenbits.xen.org/xsa/advisory-186.html
http://xenbits.xen.org/xsa/xsa186-0001-x86-emulate-Correct-boundary-interactions-of-emulate.patch
https://security.gentoo.org/glsa/201611-09

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

01-07-2017 - 01:30

Objavljeno

21-09-2016 - 14:25