CVE-2016-4962
MEDIUM
Oracle VM Server - Denial of Service and Privilege Escalation via libxl Device-Handling
Title source: llm
Description
The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
References (5)
Core References
Vendor Advisory (x_refsource_confirm)
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Vendor Advisory (x_refsource_confirm)
http://xenbits.xen.org/xsa/advisory-175.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid)
http://www.securityfocus.com/bid/91006
Third Party Advisory (vendor-advisory, x_refsource_debian)
http://www.debian.org/security/2016/dsa-3633
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack)
http://www.securitytracker.com/id/1036023
Scores
CVSS v3: 6.7
EPSS: 0.0009
EPSS Percentile: 25.1%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-264
Status: published
Products (18)
oracle/vm_server 3.3
oracle/vm_server 3.4
xen/xen 4.3.0
xen/xen 4.3.1
xen/xen 4.3.2
xen/xen 4.3.3
xen/xen 4.3.4
xen/xen 4.4.0 (2 CPE variants)
xen/xen 4.4.1
xen/xen 4.4.2
... and 8 more
Published: Jun 07, 2016
Tracked Since: Feb 18, 2026