{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-12-06T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-07T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "94699", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94699"}, {"name": "GLSA-201612-56", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201612-56"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.citrix.com/article/CTX219136"}, {"name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-199.html"}, {"name": "1037397", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037397"}, {"name": "RHSA-2016:2963", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2963.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9637", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "94699", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94699"}, {"name": "GLSA-201612-56", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201612-56"}, {"name": "https://support.citrix.com/article/CTX219136", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX219136"}, {"name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"}, {"name": "http://xenbits.xen.org/xsa/advisory-199.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-199.html"}, {"name": "1037397", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037397"}, {"name": "RHSA-2016:2963", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2963.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:59:03.139Z"}, "title": "CVE Program Container", "references": [{"name": "94699", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94699"}, {"name": "GLSA-201612-56", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201612-56"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.citrix.com/article/CTX219136"}, {"name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://xenbits.xen.org/xsa/advisory-199.html"}, {"name": "1037397", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037397"}, {"name": "RHSA-2016:2963", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2963.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9637", "datePublished": "2017-02-16T18:00:00", "dateReserved": "2016-11-23T00:00:00", "dateUpdated": "2024-08-06T02:59:03.139Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5FCF191B-971A-4945-AB14-08091689BE2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:6.2.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "878949E0-D656-4E0E-858A-C6AD948A2A2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:6.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "DBCF6643-ACDE-4DDB-8B01-D952DDF8951E", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "405F950F-0772-41A3-8B72-B67151CC1376", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access."}, {"lang": "es", "value": "Las funciones (1) ioport_read y (2) ioport_write en Xen, cuando qemu es utilizado como un modelo de dispositivo dentro de Xen, podr\u00eda permitir a administradores locales del SO invitado x86 HVM obtener privilegios del proceso qemu a trav\u00e9s de vectores que involucran un acceso ioport fuera de rango."}], "id": "CVE-2016-9637", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-17T02:59:13.967", "references": [{"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-2963.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/94699"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1037397"}, {"source": "cve@mitre.org", "url": "http://xenbits.xen.org/xsa/advisory-199.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201612-56"}, {"source": "cve@mitre.org", "url": "https://support.citrix.com/article/CTX219136"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-2963.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/94699"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037397"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://xenbits.xen.org/xsa/advisory-199.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201612-56"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.citrix.com/article/CTX219136"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Xen project for reporting this issue.", "affected_release": [{"advisory": "RHSA-2016:2963", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "xen-0:3.0.3-148.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2016-12-20T00:00:00Z"}], "bugzilla": {"description": "Xen: qemu ioport out-of-bounds array access (XSA-199)", "id": "1397043", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397043"}, "csaw": false, "cvss": {"cvss_base_score": "6.5", "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C", "status": "verified"}, "cvss3": {"cvss3_base_score": "7.6", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.", "An out of bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations, if guest was to supply a 32bit address parameter. A privileged guest user/process could use this flaw to potentially escalate their privileges on a host."], "name": "CVE-2016-9637", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kvm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}], "public_date": "2016-12-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-9637\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9637\nhttp://xenbits.xen.org/xsa/advisory-199.html"], "threat_severity": "Important"}

{}