CVE-2007-6416

The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/41344
http://secunia.com/advisories/28146
http://secunia.com/advisories/28643
http://www.redhat.com/support/errata/RHSA-2008-0089.html
http://www.securityfocus.com/bid/26954
http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7	Exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9840

Configurations

Configuration 1 (hide)

cpe:2.3:a:xen:xen:3.1.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-12-17 23:46

Updated : 2024-02-28 11:01

NVD link : CVE-2007-6416

Mitre link : CVE-2007-6416

CVE.ORG link : CVE-2007-6416

JSON object : View

Products Affected

xen

xen

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2007-6416", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-12-17T23:46:00.000", "references": [{"url": "http://osvdb.org/41344", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28146", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28643", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0089.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26954", "source": "cve@mitre.org"}, {"url": "http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9840", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations."}, {"lang": "es", "value": "La funci\u00f3n copy_to_user en la funcionalidad del emulador PAL para Xen 3.1.2 y anteriores, cuando funciona sobre sistemas ia64, permite a un usuario invitado HVM acceder a la memoria f\u00edsica de su elecci\u00f3n a trav\u00e9s de un disparo de ciertas operaciones de mapeo."}], "lastModified": "2017-09-29T01:29:55.660", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xen:xen:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3C0C052-D6BA-4BC8-A64B-1A90CA572186"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}