Lucene search

PRIOn knowledge basePRION:CVE-2016-9637

HistoryFeb 17, 2017 - 2:59 a.m.

Security feature bypass

2017-02-1702:59:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.7%

JSON

The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.

CPENameOperatorVersion
xenservereq7.0
xenservereq6.0.2
xenservereq6.5 sp1
xenservereq6.2.0 sp1

Name	Operator	Version
xenserver	eq	7.0
xenserver	eq	6.0.2
xenserver	eq	6.5 sp1
xenserver	eq	6.2.0 sp1

References

rhn.redhat.com/errata/RHSA-2016-2963.html

www.securityfocus.com/bid/94699

www.securitytracker.com/id/1037397

xenbits.xen.org/xsa/advisory-199.html

lists.debian.org/debian-lts-announce/2018/02/msg00005.html

security.gentoo.org/glsa/201612-56

support.citrix.com/article/CTX219136