SB2016100502 - Privilege escalation in Xen
Published: October 5, 2016
Security Bulletin ID
SB2016100502
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2016-7777)
The vulnerability allows a local unprivileged user to obtain potentially sensitive information on the guest system.The weakness is caused by insufficient access control mechanisms. A local unprivileged user of a guest operating system can trigger the Xen instruction emulator by attempting to execute an invalid opcode and read or modify FPU, MMX, and XMM register state data of another process within the same guest system.
Successful exploitation of the vulnerability leads to register state information disclosure and corruption.
Remediation
Install update from vendor's website.