Описание
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 4.9.0-0ubuntu2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [4.4.2-0ubuntu0.14.04.11]] |
| esm-infra/xenial | released | 4.6.5-0ubuntu1.1 |
| precise/esm | DNE | |
| trusty | released | 4.4.2-0ubuntu0.14.04.11 |
| trusty/esm | DNE | trusty was released [4.4.2-0ubuntu0.14.04.11] |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 4.6.5-0ubuntu1.1 |
Показывать по
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
Xen through 4.8.x mishandles the "contains segment descriptors" proper ...
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3