CVE-2016-6258

EUVD-2016-7188
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
xenxen
3.4.0
xenxen
3.4.2
xenxen
3.4.3
xenxen
3.4.4
xenxen
4.0.0
xenxen
4.0.1
xenxen
4.0.3
xenxen
4.0.4
xenxen
4.1.0
xenxen
4.1.1
xenxen
4.1.2
xenxen
4.1.3
xenxen
4.1.4
xenxen
4.1.5
xenxen
4.2.0
xenxen
4.2.1
xenxen
4.2.2
xenxen
4.2.3
xenxen
4.3.0
xenxen
4.3.1
xenxen
4.4.0
xenxen
4.4.1
xenxen
4.5.0
xenxen
4.6.0
xenxen
4.6.1
xenxen
4.6.3
xenxen
4.7.0
citrixxenserver
6.0
citrixxenserver
6.0.2
citrixxenserver
6.1
citrixxenserver
6.2.0:sp1
citrixxenserver
6.5.0:sp1
citrixxenserver
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
precise
Fixed 4.1.6.1-0ubuntu0.12.04.12
released
trusty
Fixed 4.4.2-0ubuntu0.14.04.7
released
wily
ignored
xenial
Fixed 4.6.0-1ubuntu4.2
released
Common Weakness Enumeration
References
http://support.citrix.com/article/CTX214954
http://www.debian.org/security/2016/dsa-3633
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/92131
http://www.securitytracker.com/id/1036446
http://xenbits.xen.org/xsa/advisory-182.html
http://xenbits.xen.org/xsa/xsa182-4.5.patch
http://xenbits.xen.org/xsa/xsa182-4.6.patch
http://xenbits.xen.org/xsa/xsa182-unstable.patch
https://security.gentoo.org/glsa/201611-09
http://support.citrix.com/article/CTX214954
http://www.debian.org/security/2016/dsa-3633
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/92131
http://www.securitytracker.com/id/1036446
http://xenbits.xen.org/xsa/advisory-182.html
http://xenbits.xen.org/xsa/xsa182-4.5.patch
http://xenbits.xen.org/xsa/xsa182-4.6.patch
http://xenbits.xen.org/xsa/xsa182-unstable.patch
https://security.gentoo.org/glsa/201611-09