These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
Published on 2017-01-26, CVE-2016-9932 describes a Xen x86 hypervisor flaw where CMPXCHG8B emulation mishandles a supposedly ignored operand-size prefix. In affected Xen 3.3.x through 4.7.x builds, a local HVM guest user may be able to read sensitive information from host stack memory. The NVD record rates this as low severity (CVSS 3.3) and the provided vector limits impact to confidentiality, with no di [truncated]
CVE-2016-10025 is a Xen hypervisor denial-of-service issue affecting x86 systems using AMD virtualization extensions (SVM). NVD describes it as a missing NULL pointer check in VMFUNC emulation, which can let a local user inside an HVM guest crash the hypervisor. The impact is availability-only: no confidentiality or integrity impact is indicated by the CVSS vector. NVD published the record on 2017-01-26 a [truncated]
CVE-2016-10013 is a high-severity Xen vulnerability affecting 64-bit x86 HVM guests. According to the CVE description, mishandling of SYSCALL singlestep during emulation can let a local guest user gain privileges. This is primarily a concern for environments that run affected Xen releases and expose 64-bit x86 HVM guest workloads to potentially untrusted users. The CVE was published on 2017-01-26.
CVE-2016-9385 is a Xen hypervisor denial-of-service issue affecting x86 PV guest environments. According to NVD, a local attacker with high privileges inside a guest could trigger a host crash by abusing x86 segment base write emulation where canonical address checks were missing.
CVE-2016-9382 describes a Xen flaw in x86 task switching to VM86 mode. According to NVD, the issue affects Xen 4.0.x through 4.7.x and selected Citrix XenServer releases. A local user inside a 32-bit x86 HVM guest may be able to gain privileges or crash the guest OS, depending on how the guest operating system uses hardware task switching and starts new tasks in VM86 mode. NVD rates the issue HIGH with CV [truncated]