Lucene search

K
ubuntucveUbuntu.comUB:CVE-2016-9637
HistoryFeb 17, 2017 - 12:00 a.m.

CVE-2016-9637

2017-02-1700:00:00
ubuntu.com
ubuntu.com
17

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

26.7%

The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is
used as a device model within Xen, might allow local x86 HVM guest OS
administrators to gain qemu process privileges via vectors involving an
out-of-range ioport access.

Notes

Author Note
ratliff ARM systems are not vulnerable according to the XSA
mdeslaur This is XSA-199
OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchxen< 4.1.6.1-0ubuntu0.12.04.13UNKNOWN
ubuntu14.04noarchxen< 4.4.2-0ubuntu0.14.04.9UNKNOWN

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

26.7%