CVE-2016-4962

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
oraclevm_server
3.3
oraclevm_server
3.4
xenxen
4.3.0
xenxen
4.3.1
xenxen
4.3.2
xenxen
4.3.3
xenxen
4.3.4
xenxen
4.4.0
xenxen
4.4.0:rc1
xenxen
4.4.1
xenxen
4.4.2
xenxen
4.4.3
xenxen
4.4.4
xenxen
4.5.0
xenxen
4.5.1
xenxen
4.5.2
xenxen
4.5.3
xenxen
4.6.0
xenxen
4.6.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bullseye
4.14.6-1
fixed
wheezy
no-dsa
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
xenial
Fixed 4.6.0-1ubuntu4.1
released
wily
Fixed 4.5.1-0ubuntu1.4
released
trusty
Fixed 4.4.2-0ubuntu0.14.04.6
released
precise
ignored
Common Weakness Enumeration
References
http://www.debian.org/security/2016/dsa-3633
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/91006
http://www.securitytracker.com/id/1036023
http://xenbits.xen.org/xsa/advisory-175.html
http://www.debian.org/security/2016/dsa-3633
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/91006
http://www.securitytracker.com/id/1036023
http://xenbits.xen.org/xsa/advisory-175.html