CVE-2016-4480

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.
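
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 8.4 HIGH | LOCAL | LOW | NONE | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
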
EPSS Score percentile: 36%

| Vendor | Product | Version |
|---|---|---|
| oracle | vm_server | 3.2 |
| oracle | vm_server | 3.3 |
| oracle | vm_server | 3.4 |
| xen | xen | 𝑥 ≤ 4.6.1 |

𝑥 = Vulnerable software versions

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| xen | bullseye | 4.14.6-1 | fixed |
| xen | bullseye (security) | 4.14.5+94-ge49571868d-1 | fixed |
| xen | bookworm | 4.17.3+10-g091466ba55-1~deb12u1 | fixed |
| xen | sid | 4.17.3+36-g54dacb5c02-1 | fixed |
| xen | trixie | 4.17.3+36-g54dacb5c02-1 | fixed |

Ubuntu Releases

| Ubuntu Product | xenial | wily | trusty | precise |
|---|---|---|---|---|
| linux | not-affected | not-affected | not-affected | not-affected |
| linux-armadaxp | dne | dne | dne | not-affected |
| linux-flo | not-affected | not-affected | dne | dne |
| linux-goldfish | not-affected | not-affected | dne | dne |
| linux-grouper | dne | dne | dne | dne |
| linux-linaro-omap | dne | dne | dne | ignored |
| linux-linaro-shared | dne | dne | dne | ignored |
| linux-linaro-vexpress | dne | dne | dne | ignored |
| linux-lts-quantal | dne | dne | dne | ignored |
| linux-lts-raring | dne | dne | dne | ignored |
| linux-lts-saucy | dne | dne | dne | ignored |
| linux-lts-trusty | dne | dne | dne | not-affected |
| linux-lts-utopic | dne | dne | dne | dne |
| linux-lts-vivid | dne | dne | dne | dne |
| linux-lts-wily | dne | dne | dne | dne |
| linux-lts-xenial | dne | dne | not-affected | dne |
| linux-maguro | dne | dne | dne | dne |
| linux-mako | not-affected | not-affected | dne | dne |
| linux-manta | dne | not-affected | dne | dne |
| linux-qcm-msm | dne | dne | dne | ignored |
| linux-raspi2 | not-affected | not-affected | dne | dne |
| linux-snapdragon | not-affected | dne | dne | dne |
| linux-ti-omap4 | dne | dne | dne | not-affected |
| xen | Fixed 4.6.0-1ubuntu4.1 (released) | Fixed 4.5.1-0ubuntu1.4 (released) | Fixed 4.4.2-0ubuntu0.14.04.6 (released) | Fixed 4.1.6.1-0ubuntu0.12.04.11 (released) |

Common Weakness Enumeration