ALT-PU-2016-3289-1

CVE-2016-6258

HIGH8.8

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

Опубликовано: 2016-08-02Изменено: 2025-04-12

CVSS 2.0ВЫСОКАЯ 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Ссылки

CVE-2016-6259

MEDIUM6.2

Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.

Опубликовано: 2016-08-02Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 4.9

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS 3.xСРЕДНЯЯ 6.2

CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2016-7093

HIGH8.2

Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.

Опубликовано: 2016-09-21Изменено: 2025-04-12

CVSS 2.0ВЫСОКАЯ 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS 3.xВЫСОКАЯ 8.2

CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Ссылки

CVE-2016-7094

MEDIUM4.1

Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.

Опубликовано: 2016-09-21Изменено: 2025-04-12

CVSS 2.0НИЗКАЯ 1.5

CVSS:2.0/AV:L/AC:M/Au:S/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 4.1

CVSS:3.x/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2016-7777

MEDIUM6.3

Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.

Опубликовано: 2016-10-07Изменено: 2025-04-12

CVSS 2.0НИЗКАЯ 3.3

CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:P/A:N

CVSS 3.xСРЕДНЯЯ 6.3

CVSS:3.x/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Ссылки

CVE-2016-9932

LOW3.3

CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.

Опубликовано: 2017-01-26Изменено: 2025-04-20

CVSS 2.0НИЗКАЯ 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xНИЗКАЯ 3.3

CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Ссылки

Обновление пакета xen в ветке sisyphus

Закрытые проблемы (6)

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.

Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.

Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.

Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.

CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.