CVE-2016-4480

{"id": "CVE-2016-4480", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}]}, "published": "2016-05-18T14:59:05.413", "references": [{"url": "http://www.debian.org/security/2016/dsa-3633", "source": "cve@mitre.org"}, {"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/90710", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1035901", "source": "cve@mitre.org"}, {"url": "http://xenbits.xen.org/xsa/advisory-176.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory."}, {"lang": "es", "value": "La funci\u00f3n guest_walk_tables en arch/x86/mm/guest_walk en Xen 4.6.x y versiones anteriores no maneja adecuadamente el bit de entrada a la tabla de p\u00e1gina Page Size (PS) en los niveles de tabla de p\u00e1gina L4 y L3, lo que podr\u00eda permitir a usuarios locales hu\u00e9spedes del sistema operativo obtener privilegios a trav\u00e9s de un mapa de memoria manipulado."}], "lastModified": "2016-12-01T03:10:58.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FEC7F7E-AA94-4405-93D6-D0194A37D3C9"}, {"criteria": "cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2D62B2C-40E5-41B7-9DAA-029BCD079054"}, {"criteria": "cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BA58099-26F7-4B01-B9FC-275F012FE9C6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF989165-3B7E-4743-8E97-6558BD164A8F", "versionEndIncluding": "4.6.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}