CVE-2016-9637 Information

Description

The (1) ioport_read and (2) ioport_write functions in Xen when qemu is used as a device model within Xen might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Reference

http://rhn.redhat.com/errata/RHSA-2016-2963.html http://www.securityfocus.com/bid/94699 http://www.securitytracker.com/id/1037397 http://xenbits.xen.org/xsa/advisory-199.html https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html https://security.gentoo.org/glsa/201612-56 https://support.citrix.com/article/CTX219136

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.5