Local Privilege Escalation in Xen with QEMU Device Model
CVE-2016-9637

7.5HIGH

Key Information:

Vendor

Citrix
Status
Xenserver
Vendor
CVE Published:
17 February 2017

What is CVE-2016-9637?

The ioport_read and ioport_write functions in the Xen Hypervisor, while used in conjunction with QEMU as a device model, allow local administrators of x86 HVM guest operating systems to escalate privileges. This vulnerability manifests through out-of-range access to ioports, presenting a significant security risk where unauthorized access can grant administrative capabilities over the QEMU process.

References

http://www.securityfocus.com/bid/94699
vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201612-56
vendor-advisoryx_refsource_GENTOO
https://support.citrix.com/article/CTX219136
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.