CVE-2016-9381

Name
CVE-2016-9381
Description
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Third Party Advisory http://www.securityfocus.com/bid/94476
Third Party Advisory http://www.securitytracker.com/id/1037344
Third Party Advisory http://xenbits.xen.org/xsa/advisory-197.html
Third Party Advisory https://security.gentoo.org/glsa/201612-56
Third Party Advisory https://support.citrix.com/article/CTX218775

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* qemu >= None <= 2.7.1
cpe:2.3:a:qemu:qemu:2.8.0:rc0:*:*:*:*:*:* qemu == None == 2.8.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xen edge-main 4.7.1-r1 None fixed
xen 3.22-main 4.7.1-r1 None fixed
xen 3.21-main 4.7.1-r1 None fixed
xen 3.20-main 4.7.1-r1 None fixed
xen 3.19-main 4.7.1-r1 None fixed
xen 3.18-main 4.7.1-r1 None fixed
xen 3.17-main 4.7.1-r1 None fixed
xen 3.12-main 4.7.1-r1 None fixed
xen 3.11-main 4.7.1-r1 None fixed
xen 3.10-main 4.7.1-r1 None fixed