Vulnerability Database

300,444

Total vulnerabilities in the database

CVE-2016-9386

The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.

Published: Jan 23, 2017
Updated: Nov 9, 2025
CVE: CVE-2016-9386
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
citrix / xenserver	7.0	7.0.x
citrix / xenserver	6.5	6.5.x
citrix / xenserver	6.0.2	6.0.2.x
citrix / xenserver	6.2.0	6.2.0.x
xen / xen	-	-

http://www.securityfocus.com/bid/94471
http://www.securitytracker.com/id/1037340
http://xenbits.xen.org/xsa/advisory-191.html
https://security.gentoo.org/glsa/201612-56
https://support.citrix.com/article/CTX218775

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo