CVE-2016-4963

MEDIUM

Xen - Improper Access Control

Title source: rule

Description

The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.

References (3)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036024

[Vendor Advisory] http://xenbits.xen.org/xsa/advisory-178.html

[Mailing List] https://lists.debian.org/debian-lts-announce/2018/09/msg00006.html

Scores

CVSS v3 4.7

EPSS 0.0005

EPSS Percentile 14.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-284

Status draft

Affected Products (36)

xen/xen

... and 21 more

Timeline

Published Jun 07, 2016

Tracked Since Feb 18, 2026