What is CVE-2016-6258?

CVE-2016-6258 is a high-severity vulnerability in Citrix Xenserver, classified under Improper Access Control. CVSS score: 8.8/10. Published 2016-08-02.

How severe is CVE-2016-6258?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Citrix Xenserver

CVE-2016-6258

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

EPSS: 0.001 (29.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Citrix Xenserver — versions 6.0, 6.0.2, 6.1
Xen — versions 3.4.0, 3.4.2, 3.4.3
N/a — versions n/a

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

cve@mitre.org (x_refsource_CONFIRM, Release Notes)
cve@mitre.org (x_refsource_CONFIRM, Patch, Mitigation, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
GLSA-201611-09 (vendor-advisory, x_refsource_GENTOO)
cve@mitre.org (x_refsource_CONFIRM, Patch)
cve@mitre.org (x_refsource_CONFIRM, Patch)
DSA-3633 (vendor-advisory, x_refsource_DEBIAN)
1036446 (Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
92131 (Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2016-6258?: CVE-2016-6258 is a high-severity vulnerability in Citrix Xenserver, classified under Improper Access Control. CVSS score: 8.8/10. Published 2016-08-02.
How severe is CVE-2016-6258?: High severity. CVSS v3 base score is 8.8 out of 10.