CVE-2016-4480

HIGH

Oracle VM Server - Privilege Escalation via Page Table Entry Handling

Title source: llm

Description

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/90710
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035901
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3633
Vendor Advisory x_refsource_confirm
http://xenbits.xen.org/xsa/advisory-176.html

Scores

CVSS v3 8.4
EPSS 0.0039
EPSS Percentile 60.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-264
Status published
Products (4)
oracle/vm_server 3.2
oracle/vm_server 3.3
oracle/vm_server 3.4
xen/xen < 4.6.1
Published May 18, 2016
Tracked Since Feb 18, 2026