Main Vulnerability Database SB2016062406

SB2016062406 - Permissions, Privileges, and Access Controls in xen (Alpine package)

Published: June 24, 2016

Security Bulletin ID SB2016062406

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-4480)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=a8abb288a454a482520a9f0504f798f7616b0b63
https://git.alpinelinux.org/aports/commit/?id=8a5bc35852a4573c2706970bec255a29b7b50ed1