CVE-2016-4962

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.

Published: Jun 7, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-4962
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:L/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
oracle / vm_server	3.4	3.4.x
oracle / vm_server	3.3	3.3.x
xen / xen	4.3.2	4.3.2.x
xen / xen	4.6.0	4.6.0.x
xen / xen	4.3.3	4.3.3.x
xen / xen	4.3.0	4.3.0.x
xen / xen	4.5.2	4.5.2.x
xen / xen	4.4.2	4.4.2.x
xen / xen	4.4.4	4.4.4.x
xen / xen	4.4.3	4.4.3.x
xen / xen	4.4.0-rc1	4.4.0-rc1.x
xen / xen	4.6.1	4.6.1.x
xen / xen	4.5.3	4.5.3.x
xen / xen	4.3.4	4.3.4.x
xen / xen	4.5.1	4.5.1.x
xen / xen	4.4.1	4.4.1.x
xen / xen	4.3.1	4.3.1.x
xen / xen	4.5.0	4.5.0.x
xen / xen	4.4.0	4.4.0.x

Vulnerability Database

289,697

CVE-2016-4962