CVE-2016-9637
Xen: qemu ioport out-of-bounds array access (XSA-199)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.
Las funciones (1) ioport_read y (2) ioport_write en Xen, cuando qemu es utilizado como un modelo de dispositivo dentro de Xen, podría permitir a administradores locales del SO invitado x86 HVM obtener privilegios del proceso qemu a través de vectores que involucran un acceso ioport fuera de rango.
An out of bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations, if guest was to supply a 32bit address parameter. A privileged guest user/process could use this flaw to potentially escalate their privileges on a host.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-11-23 CVE Reserved
- 2016-12-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/94699 | Vdb Entry | |
http://www.securitytracker.com/id/1037397 | Vdb Entry | |
http://xenbits.xen.org/xsa/advisory-199.html | X_refsource_confirm | |
https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html | Mailing List | |
https://support.citrix.com/article/CTX219136 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-2963.html | 2018-02-08 | |
https://security.gentoo.org/glsa/201612-56 | 2018-02-08 | |
https://access.redhat.com/security/cve/CVE-2016-9637 | 2016-12-20 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1397043 | 2016-12-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 6.0.2 Search vendor "Citrix" for product "Xenserver" and version "6.0.2" | - |
Affected
| ||||||
Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 6.2.0 Search vendor "Citrix" for product "Xenserver" and version "6.2.0" | sp1 |
Affected
| ||||||
Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 6.5 Search vendor "Citrix" for product "Xenserver" and version "6.5" | sp1 |
Affected
| ||||||
Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 7.0 Search vendor "Citrix" for product "Xenserver" and version "7.0" | - |
Affected
|