Main Vulnerability Database SB2016120118

SB2016120118 - Permissions, Privileges, and Access Controls in xen (Alpine package)

Published: December 1, 2016

Security Bulletin ID SB2016120118

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-9386)

The vulnerability allows a local authenticated user to execute arbitrary code.

The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=473c36a9c87f281b12c59f519ab621ff620a7062
https://git.alpinelinux.org/aports/commit/?id=9bd4f34be948ebfa595d57f19e164b329c94ef70
https://git.alpinelinux.org/aports/commit/?id=ef362e4b0451d7206239a58f9ca6c6389652b7a9