1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
26.9%
The emulation of far branch instructions (CALL, JMP, and RETF in Intel assembly syntax, LCALL, LJMP, and LRET in AT&T assembly syntax) incompletely performs privilege checks.
However these instructions are not usually handled by the emulator. Exceptions to this are
Malicious HVM guest user mode code may be able to elevate its privileges to guest supervisor mode, or to crash the guest.
Xen 3.2.1 and onward are vulnerable on x86 systems.
ARM systems are not vulnerable.
Only user processes in x86 HVM guests can take advantage of this vulnerability.