CVE-2016-4480

moderate-risk
Published 2016-05-18

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.

Do I need to act?

-
0.39% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.4/10 High
LOCAL / LOW complexity

Affected Products (4)

Xen

Affected Vendors

Oracle Xen

References (10)

http://www.debian.org/security/2016/dsa-3633
Vendor Advisory http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htm...
http://www.securityfocus.com/bid/90710
http://www.securitytracker.com/id/1035901
Vendor Advisory http://xenbits.xen.org/xsa/advisory-176.html
http://www.debian.org/security/2016/dsa-3633
Vendor Advisory http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htm...
http://www.securityfocus.com/bid/90710
http://www.securitytracker.com/id/1035901
Vendor Advisory http://xenbits.xen.org/xsa/advisory-176.html
37
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 10/34 · Low