xen security update

CentOS Project, CESA-2016:2963
Dec 20, 2016 - 4:58 p.m. (2016-12-20 16:58:37)
Source: CentOS Project, lists.centos.org

CVSS2: 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P)

  • Attack Vector: LOCAL
  • Attack Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

CVSS3: 7.5 (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)

  • Attack Vector: LOCAL
  • Attack Complexity: HIGH
  • Privileges Required: HIGH
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

EPSS: 0.001 (Percentile: 26.7%)

CentOS Errata and Security Advisory CESA-2016:2963

Xen is a virtual machine monitor.

Security Fix(es):

  • An out-of-bounds array access issue was found in the Xen virtual machine
    monitor, built with the QEMU ioport support. It could occur while doing ioport
    read/write operations if a guest were to supply a 32-bit address parameter. A
    privileged guest user/process could use this flaw to potentially escalate their
    privileges on a host. (CVE-2016-9637)

Red Hat would like to thank the Xen project for reporting this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-December/084343.html

Affected packages:
xen
xen-devel
xen-libs

Upstream details at:
https://access.redhat.com/errata/RHSA-2016:2963
