CVE-2016-9382

Published: Jan 23, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.

Affected (43)

Products: Xen: Xen · Citrix: Xenserver

1 product

1 product

Configuration A

39 vulnerable

Vulnerable Software	Affected Versions
Xen Xen	Version 4.0.0
Xen Xen	Version 4.0.1
Xen Xen	Version 4.0.2
Xen Xen	Version 4.0.3
Xen Xen	Version 4.0.4
Xen Xen	Version 4.1.0
Xen Xen	Version 4.1.1
Xen Xen	Version 4.1.2
Xen Xen	Version 4.1.3
Xen Xen	Version 4.1.4
Xen Xen	Version 4.1.5
Xen Xen	Version 4.1.6.1
Xen Xen	Version 4.2.0
Xen Xen	Version 4.2.1
Xen Xen	Version 4.2.2
Xen Xen	Version 4.2.3
Xen Xen	Version 4.2.4
Xen Xen	Version 4.2.5
Xen Xen	Version 4.3.0
Xen Xen	Version 4.3.1
Xen Xen	Version 4.3.2
Xen Xen	Version 4.3.3
Xen Xen	Version 4.3.4
Xen Xen	Version 4.4.0
Xen Xen	Version 4.4.1
Xen Xen	Version 4.4.2
Xen Xen	Version 4.4.3
Xen Xen	Version 4.4.4
Xen Xen	Version 4.5.0
Xen Xen	Version 4.5.1
Xen Xen	Version 4.5.2
Xen Xen	Version 4.5.3
Xen Xen	Version 4.5.5
Xen Xen	Version 4.6.0
Xen Xen	Version 4.6.1
Xen Xen	Version 4.6.3
Xen Xen	Version 4.6.4
Xen Xen	Version 4.7.0
Xen Xen	Version 4.7.1