CVE-2016-9382

high-risk

Published 2017-01-23

Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.

Do I need to act?

0.12% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

Xen

Xenserver

Xen

Affected Vendors

Xen Citrix

References (10)

Third Party Advisory http://www.securityfocus.com/bid/94470

Third Party Advisory http://www.securitytracker.com/id/1037341

Patch http://xenbits.xen.org/xsa/advisory-192.html

https://security.gentoo.org/glsa/201612-56

Patch https://support.citrix.com/article/CTX218775

Third Party Advisory http://www.securityfocus.com/bid/94470

Third Party Advisory http://www.securitytracker.com/id/1037341

Patch http://xenbits.xen.org/xsa/advisory-192.html

https://security.gentoo.org/glsa/201612-56

Patch https://support.citrix.com/article/CTX218775

/ 100

high-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 25/34 · High