CVE-2016-6258

Опубликовано: 02 авг. 2016

Источник: nvd

CVSS3: 8.8

CVSS2: 7.2

EPSS Низкий

Описание

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

Ссылки

http://support.citrix.com/article/CTX214954
Vendor Advisory
http://www.debian.org/security/2016/dsa-3633
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Release Notes
http://www.securityfocus.com/bid/92131
Third Party Advisory
http://www.securitytracker.com/id/1036446
Third Party Advisory
http://xenbits.xen.org/xsa/advisory-182.html
Mitigation
Patch
Vendor Advisory
http://xenbits.xen.org/xsa/xsa182-4.5.patch
Patch
http://xenbits.xen.org/xsa/xsa182-4.6.patch
Patch
http://xenbits.xen.org/xsa/xsa182-unstable.patch
Patch
https://security.gentoo.org/glsa/201611-09
http://support.citrix.com/article/CTX214954
Vendor Advisory
http://www.debian.org/security/2016/dsa-3633
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Release Notes
http://www.securityfocus.com/bid/92131
Third Party Advisory
http://www.securitytracker.com/id/1036446
Third Party Advisory
http://xenbits.xen.org/xsa/advisory-182.html
Mitigation
Patch
Vendor Advisory
http://xenbits.xen.org/xsa/xsa182-4.5.patch
Patch
http://xenbits.xen.org/xsa/xsa182-4.6.patch
Patch
http://xenbits.xen.org/xsa/xsa182-unstable.patch
Patch
https://security.gentoo.org/glsa/201611-09

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.6.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:citrix:xenserver:6.0:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:6.1:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:6.2.0:sp1:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:6.5.0:sp1:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00112

Низкий

8.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-284

Связанные уязвимости

CVE-2016-6258

CVSS3: 8.8

ubuntu

больше 9 лет назад

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

CVE-2016-6258

CVSS3: 8.5

redhat

больше 9 лет назад

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

CVE-2016-6258

CVSS3: 8.8

debian

больше 9 лет назад

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows ...

GHSA-gh95-4f96-964p

CVSS3: 8.8

github

больше 3 лет назад

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

SUSE-SU-2016:2507-1

suse-cvrf

больше 9 лет назад

Security update for xen

EPSS

Процентиль: 30%

0.00112

Низкий

8.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-284