CVE-2016-9382

Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
xenxen
4.0.0
xenxen
4.0.1
xenxen
4.0.2
xenxen
4.0.3
xenxen
4.0.4
xenxen
4.1.0
xenxen
4.1.1
xenxen
4.1.2
xenxen
4.1.3
xenxen
4.1.4
xenxen
4.1.5
xenxen
4.1.6.1
xenxen
4.2.0
xenxen
4.2.1
xenxen
4.2.2
xenxen
4.2.3
xenxen
4.2.4
xenxen
4.2.5
xenxen
4.3.0
xenxen
4.3.1
xenxen
4.3.2
xenxen
4.3.3
xenxen
4.3.4
xenxen
4.4.0
xenxen
4.4.1
xenxen
4.4.2
xenxen
4.4.3
xenxen
4.4.4
xenxen
4.5.0
xenxen
4.5.1
xenxen
4.5.2
xenxen
4.5.3
xenxen
4.5.5
xenxen
4.6.0
xenxen
4.6.1
xenxen
4.6.3
xenxen
4.6.4
xenxen
4.7.0
xenxen
4.7.1
citrixxenserver
6.0.2
citrixxenserver
6.2.0
citrixxenserver
6.5
citrixxenserver
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
zesty
Fixed 4.8.0-1ubuntu1
released
yakkety
Fixed 4.7.0-0ubuntu2.1
released
xenial
Fixed 4.6.0-1ubuntu4.3
released
trusty
Fixed 4.4.2-0ubuntu0.14.04.9
released
precise
Fixed 4.1.6.1-0ubuntu0.12.04.13
released
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/94470
http://www.securitytracker.com/id/1037341
http://xenbits.xen.org/xsa/advisory-192.html
https://security.gentoo.org/glsa/201612-56
https://support.citrix.com/article/CTX218775
http://www.securityfocus.com/bid/94470
http://www.securitytracker.com/id/1037341
http://xenbits.xen.org/xsa/advisory-192.html
https://security.gentoo.org/glsa/201612-56
https://support.citrix.com/article/CTX218775