Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2016-3157

Published: 12/04/2016 Updated: 03/12/2016
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Xen

Vulnerability Summary

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.

Vulnerable Product Search on Vulmon Subscribe to Product

xen xen 4.0.0

canonical ubuntu linux 12.04

Vendor Advisories

Debian Security Advisories: DSA-3607-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg of OpenSource Sec ...
Amazon Linux AMI: ALAS-2016-669
When running as a Xen 64-bit PV guest, user mode processes not supposed to be able to access I/O ports may be granted such permission, potentially resulting in one or more of in-guest privilege escalation, guest crashes (Denial of Service), or in-guest information leaks (CVE-2016-3157) In some cases, the kernel did not correctly fix backward jumps ...
Red Hat: CVE-2016-3157
A flaw in the Linux kernel was found in the way IOPL was handled during context switches in 64-bit Xen PV guests A local guest user could potentially use this flaw to escalate their privileges in the guest ...
Ubuntu Security Notice: linux-lts-vivid vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-wily vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-ti-omap4 vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-xenial vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-trusty vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-raspi2 vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-utopic vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-snapdragon vulnerability
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-raspi2 vulnerabilities
Several security issues were fixed in the kernel ...

References

CWE-264http://xenbits.xen.org/xsa/advisory-171.htmlhttp://www.ubuntu.com/usn/USN-2997-1http://www.ubuntu.com/usn/USN-2996-1http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.securityfocus.com/bid/84594http://www.debian.org/security/2016/dsa-3607http://www.ubuntu.com/usn/USN-2968-1http://www.ubuntu.com/usn/USN-2969-1http://www.ubuntu.com/usn/USN-2971-1http://www.ubuntu.com/usn/USN-2971-2http://www.ubuntu.com/usn/USN-2970-1http://www.ubuntu.com/usn/USN-2971-3http://www.ubuntu.com/usn/USN-2968-2http://www.securitytracker.com/id/1035308https://nvd.nist.govhttps://www.debian.org/security/./dsa-3607https://usn.ubuntu.com/2970-1/https://access.redhat.com/security/cve/cve-2016-3157
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook