SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2016-7092

The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 8.2		CVSS Score : 6.8
Exploit Score: 1.5		Exploit Score: 3.1
Impact Score: 6.0		Impact Score: 10.0

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: LOCAL		Access Vector: LOCAL
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: HIGH		Authentication: SINGLE
User Interaction: NONE		Confidentiality: COMPLETE
Scope: CHANGED		Integrity: COMPLETE
Confidentiality: HIGH		Availability: COMPLETE
Integrity: HIGH
Availability: HIGH

Reference:

http://support.citrix.com/article/CTX216071

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://xenbits.xen.org/xsa/advisory-185.html

http://xenbits.xen.org/xsa/xsa185.patch


30479



423868



248392



909



195452



282