CVE-2016-6258

Published: Aug 2, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.0 / Impact: 6.0

Source: NVD

Description

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

Affected (33)

Products: Xen: Xen · Citrix: Xenserver

1 product

1 product

Configuration A

27 vulnerable

Vulnerable Software	Affected Versions
Xen Xen	Version 3.4.0
Xen Xen	Version 3.4.2
Xen Xen	Version 3.4.3
Xen Xen	Version 3.4.4
Xen Xen	Version 4.0.0
Xen Xen	Version 4.0.1
Xen Xen	Version 4.0.3
Xen Xen	Version 4.0.4
Xen Xen	Version 4.1.0
Xen Xen	Version 4.1.1
Xen Xen	Version 4.1.2
Xen Xen	Version 4.1.3
Xen Xen	Version 4.1.4
Xen Xen	Version 4.1.5
Xen Xen	Version 4.2.0
Xen Xen	Version 4.2.1
Xen Xen	Version 4.2.2
Xen Xen	Version 4.2.3
Xen Xen	Version 4.3.0
Xen Xen	Version 4.3.1
Xen Xen	Version 4.4.0
Xen Xen	Version 4.4.1
Xen Xen	Version 4.5.0
Xen Xen	Version 4.6.0
Xen Xen	Version 4.6.1
Xen Xen	Version 4.6.3
Xen Xen	Version 4.7.0

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Citrix Xenserver	Version 6.0.2
Citrix Xenserver	Version 6.0
Citrix Xenserver	Version 6.1
Citrix Xenserver	Version 6.2.0 sp1
Citrix Xenserver	Version 6.5.0 sp1
Citrix Xenserver	Version 7.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (20)

http://support.citrix.com/article/CTX214954

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2016/dsa-3633

Source: cve@mitre.org

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Source: cve@mitre.org

Release Notes

http://www.securityfocus.com/bid/92131

Source: cve@mitre.org

Third Party Advisory

http://www.securitytracker.com/id/1036446

Source: cve@mitre.org

Third Party Advisory

http://xenbits.xen.org/xsa/advisory-182.html

Source: cve@mitre.org

MitigationPatchVendor Advisory

http://xenbits.xen.org/xsa/xsa182-4.5.patch

Source: cve@mitre.org

Patch

http://xenbits.xen.org/xsa/xsa182-4.6.patch

Source: cve@mitre.org

Patch

http://xenbits.xen.org/xsa/xsa182-unstable.patch

Source: cve@mitre.org

Patch

https://security.gentoo.org/glsa/201611-09

Source: cve@mitre.org

http://support.citrix.com/article/CTX214954

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.debian.org/security/2016/dsa-3633

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

http://www.securityfocus.com/bid/92131

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securitytracker.com/id/1036446

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://xenbits.xen.org/xsa/advisory-182.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchVendor Advisory

http://xenbits.xen.org/xsa/xsa182-4.5.patch

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://xenbits.xen.org/xsa/xsa182-4.6.patch

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://xenbits.xen.org/xsa/xsa182-unstable.patch

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://security.gentoo.org/glsa/201611-09

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.