#VU389 Access control error - CVE-2016-7093
Published: September 9, 2016
Vulnerability identifier: #VU389
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2016-7093
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Software vendor:
Description
The vulnerability allows local user to get elevated privileges on the host system.
The vulnerability exists due to instruction pointer truncation error that allows a local administrative user on the HVM guest system to gain priviliges on the target system.
Successful exploitation of this vulnerability will result in gaining elevated privileges by the guest attacker.
The vulnerability exists due to instruction pointer truncation error that allows a local administrative user on the HVM guest system to gain priviliges on the target system.
Successful exploitation of this vulnerability will result in gaining elevated privileges by the guest attacker.
Remediation
Install patched versions from vendor's website:
xsa186-0001-x86-emulate-Correct-boundary-interactions-of-emulate.patchxsa186-0002-hvm-fep-Allow-testing-of-instructions-crossing-the-1.patch
xsa186-4.6-0002-hvm-fep-Allow-testing-of-instructions-crossing-the.patch
xsa186-4.7-0002-hvm-fep-Allow-testing-of-instructions-crossing-the.patch