Denial of Service Vulnerability in Xen Hypervisor by Citrix
CVE-2016-4962

6.7MEDIUM

Key Information:

Vendor

Oracle
Status
Vm Server
Vendor
CVE Published:
7 June 2016

What is CVE-2016-4962?

The libxl device-handling component in Xen Hypervisor versions 4.6.x and earlier presents a vulnerability that allows local OS guest administrators to exploit guest-controlled areas of xenstore. This exploitation could result in service disruption through resource consumption or confusion of management facilities, alongside the potential for escalating privileges to the host operating system. Proper security measures and updates are essential to mitigate these risks.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...
x_refsource_CONFIRM
http://xenbits.xen.org/xsa/advisory-175.html
x_refsource_CONFIRM
http://www.securityfocus.com/bid/91006
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.