Vulnerability in Oracle Vm_server

CVE-2016-4480

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privile…

EPSS: 0.004 (60.6th percentile).

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2016-4480?
CVE-2016-4480 is a high-severity vulnerability in Oracle Vm_server, classified under CWE-264. CVSS score: 8.4/10. Published 2016-05-18.
How severe is CVE-2016-4480?
High severity. CVSS v3 base score is 8.4 out of 10.