Denial of Service Vulnerability in Xen Hypervisor by Citrix
CVE-2016-4962
6.7MEDIUM
Summary
The libxl device-handling component in Xen Hypervisor versions 4.6.x and earlier presents a vulnerability that allows local OS guest administrators to exploit guest-controlled areas of xenstore. This exploitation could result in service disruption through resource consumption or confusion of management facilities, alongside the potential for escalating privileges to the host operating system. Proper security measures and updates are essential to mitigate these risks.
References
CVSS V3.1
Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved