CVE-2016-7093
CVSS 3.1: 8.2 HIGH
EPSS: 0.06%
Description
Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.
How to fix CVE-2016-7093
To remediate CVE-2016-7093, upgrade the affected package to one of the fixed versions listed below.
- Alpine/xen: upgrade to 4.7.0-r1 or later
Is CVE-2016-7093 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.7.0-r1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.2 | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |