Candidate: CVE-2016-7093
PublicDate: 2016-09-21 14:25:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7093
 http://xenbits.xen.org/xsa/advisory-186.html
Description:
 Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to
 overwrite hypervisor memory and consequently gain host OS privileges by
 leveraging mishandling of instruction pointer truncation during emulation.
Ubuntu-Description:
Notes:
 mdeslaur> hypervisor packages are in universe. For
 mdeslaur> issues in the hypervisor, add appropriate
 mdeslaur> tags to each section, ex:
 mdeslaur> Tags_xen: universe-binary
Bugs:
Priority: medium
Discovered-by: Brian Marcotte
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H [8.2 HIGH]

Patches_xen:
Tags_xen: universe-binary
upstream_xen: needs-triage
precise_xen: not-affected
trusty_xen: not-affected
trusty/esm_xen: DNE (trusty was not-affected)
vivid/ubuntu-core_xen: DNE
vivid/stable-phone-overlay_xen: DNE
xenial_xen: not-affected (4.6.0-1ubuntu4.1)
esm-infra/xenial_xen: not-affected (4.6.0-1ubuntu4.1)
devel_xen: not-affected (4.6.0-1ubuntu5)