Xen 4.6.x and Earlier: Local OS Guest Administrators Can Cause Denial of Service or Gain Host OS Privileges via libxl Device-Handling Vulnerability

CVE-2016-4962 · MEDIUM Severity

CVSS v2 vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

The libxl device-handling code in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest-controlled areas of xenstore.
