Local Privilege Escalation in Xen with QEMU Device Model
CVE-2016-9637
7.5HIGH
Summary
The ioport_read and ioport_write functions in the Xen Hypervisor, while used in conjunction with QEMU as a device model, allow local administrators of x86 HVM guest operating systems to escalate privileges. This vulnerability manifests through out-of-range access to ioports, presenting a significant security risk where unauthorized access can grant administrative capabilities over the QEMU process.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved