Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-6258

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

Published

2016-08-02T16:59:08.133

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-284
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System xen xen 3.4.0 Yes
Operating System xen xen 3.4.2 Yes
Operating System xen xen 3.4.3 Yes
Operating System xen xen 3.4.4 Yes
Operating System xen xen 4.0.0 Yes
Operating System xen xen 4.0.1 Yes
Operating System xen xen 4.0.3 Yes
Operating System xen xen 4.0.4 Yes
Operating System xen xen 4.1.0 Yes
Operating System xen xen 4.1.1 Yes
Operating System xen xen 4.1.2 Yes
Operating System xen xen 4.1.3 Yes
Operating System xen xen 4.1.4 Yes
Operating System xen xen 4.1.5 Yes
Operating System xen xen 4.2.0 Yes
Operating System xen xen 4.2.1 Yes
Operating System xen xen 4.2.2 Yes
Operating System xen xen 4.2.3 Yes
Operating System xen xen 4.3.0 Yes
Operating System xen xen 4.3.1 Yes
Operating System xen xen 4.4.0 Yes
Operating System xen xen 4.4.1 Yes
Operating System xen xen 4.5.0 Yes
Operating System xen xen 4.6.0 Yes
Operating System xen xen 4.6.1 Yes
Operating System xen xen 4.6.3 Yes
Operating System xen xen 4.7.0 Yes
Application citrix xenserver 6.0 Yes
Application citrix xenserver 6.0.2 Yes
Application citrix xenserver 6.1 Yes
Application citrix xenserver 6.2.0 Yes
Application citrix xenserver 6.5.0 Yes
Application citrix xenserver 7.0 Yes
References