CVE-2007-6416
Xen <= 3.1.2 - Unauthenticated Arbitrary Physical Memory Access via PAL Emulation
Title source: llmDescription
The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations.
References (7)
Core 7
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28643
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9840
Exploit x_refsource_confirm
http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26954
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28146
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/41344
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0089.html
Scores
EPSS
0.0011
EPSS Percentile
29.5%
Details
CWE
CWE-264
Status
published
Products (1)
xen/xen
3.1.2
Published
Dec 17, 2007
Tracked Since
Feb 18, 2026