#VU389 Access control error - CVE-2016-7093

Cybersecurity Help s.r.o.

Published: 2016-09-09

Vulnerability identifier: #VU389

Vulnerability risk: Medium

CVSSv4.0: 6.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2016-7093

CWE-ID: CWE-284

Exploitation vector: Local

Exploit availability: No

Description
The vulnerability allows local user to get elevated privileges on the host system.

The vulnerability exists due to instruction pointer truncation error that allows a local administrative user on the HVM guest system to gain priviliges on the target system.

Successful exploitation of this vulnerability will result in gaining elevated privileges by the guest attacker.

Mitigation

Install patched versions from vendor's website:

xsa186-0001-x86-emulate-Correct-boundary-interactions-of-emulate.patch
xsa186-0002-hvm-fep-Allow-testing-of-instructions-crossing-the-1.patch
xsa186-4.6-0002-hvm-fep-Allow-testing-of-instructions-crossing-the.patch
xsa186-4.7-0002-hvm-fep-Allow-testing-of-instructions-crossing-the.patch

External links
https://xenbits.xen.org/xsa/advisory-186.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

Latest bulletins with this vulnerability

Gentoo update for Xen

SUSE Linux update for xen

Access control error in xen (Alpine package)