Denial of Service Vulnerability in Xen Hypervisor by Citrix
CVE-2016-4962

6.7MEDIUM

Key Information:

Vendor
Oracle
Status
Vendor
CVE Published:
7 June 2016

Summary

The libxl device-handling component in Xen Hypervisor versions 4.6.x and earlier presents a vulnerability that allows local OS guest administrators to exploit guest-controlled areas of xenstore. This exploitation could result in service disruption through resource consumption or confusion of management facilities, alongside the potential for escalating privileges to the host operating system. Proper security measures and updates are essential to mitigate these risks.

References

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.