7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
26.7%
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does
not properly validate level 2 page table entries, which allows local PV
guest administrators to gain privileges via a crafted superpage mapping.