Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-9382

Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.

Published

2017-01-23T21:59:02.830

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	xen	xen	4.0.0	Yes
Operating System	xen	xen	4.0.1	Yes
Operating System	xen	xen	4.0.2	Yes
Operating System	xen	xen	4.0.3	Yes
Operating System	xen	xen	4.0.4	Yes
Operating System	xen	xen	4.1.0	Yes
Operating System	xen	xen	4.1.1	Yes
Operating System	xen	xen	4.1.2	Yes
Operating System	xen	xen	4.1.3	Yes
Operating System	xen	xen	4.1.4	Yes
Operating System	xen	xen	4.1.5	Yes
Operating System	xen	xen	4.1.6.1	Yes
Operating System	xen	xen	4.2.0	Yes
Operating System	xen	xen	4.2.1	Yes
Operating System	xen	xen	4.2.2	Yes
Operating System	xen	xen	4.2.3	Yes
Operating System	xen	xen	4.2.4	Yes
Operating System	xen	xen	4.2.5	Yes
Operating System	xen	xen	4.3.0	Yes
Operating System	xen	xen	4.3.1	Yes
Operating System	xen	xen	4.3.2	Yes
Operating System	xen	xen	4.3.3	Yes
Operating System	xen	xen	4.3.4	Yes
Operating System	xen	xen	4.4.0	Yes
Operating System	xen	xen	4.4.1	Yes
Operating System	xen	xen	4.4.2	Yes
Operating System	xen	xen	4.4.3	Yes
Operating System	xen	xen	4.4.4	Yes
Operating System	xen	xen	4.5.0	Yes
Operating System	xen	xen	4.5.1	Yes
Operating System	xen	xen	4.5.2	Yes
Operating System	xen	xen	4.5.3	Yes
Operating System	xen	xen	4.5.5	Yes
Operating System	xen	xen	4.6.0	Yes
Operating System	xen	xen	4.6.1	Yes
Operating System	xen	xen	4.6.3	Yes
Operating System	xen	xen	4.6.4	Yes
Operating System	xen	xen	4.7.0	Yes
Operating System	xen	xen	4.7.1	Yes
Application	citrix	xenserver	6.0.2	Yes
Application	citrix	xenserver	6.2.0	Yes
Application	citrix	xenserver	6.5	Yes
Application	citrix	xenserver	7.0	Yes

References

http://www.securityfocus.com/bid/94470 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1037341 Third Party Advisory, VDB Entry ([email protected])
http://xenbits.xen.org/xsa/advisory-192.html Patch, Vendor Advisory ([email protected])
https://security.gentoo.org/glsa/201612-56 ([email protected])
https://support.citrix.com/article/CTX218775 Patch, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/94470 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1037341 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://xenbits.xen.org/xsa/advisory-192.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201612-56 (af854a3a-2127-422b-91ae-364da2661108)
https://support.citrix.com/article/CTX218775 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)