Launchpad.net

CVE 2016-4480

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.

Related bugs and status

CVE-2016-4480 (Candidate) is related to these bugs:

Bug #1583960: CVE-2016-4480

		In	Importance	Status
1583960	CVE-2016-4480	linux (Ubuntu)	Low	New
1583960	CVE-2016-4480	linux-ti-omap4 (Ubuntu)	Low	Invalid
1583960	CVE-2016-4480	linux-raspi2 (Ubuntu)	Low	New
1583960	CVE-2016-4480	linux (Ubuntu Yakkety)	Low	Won't Fix
1583960	CVE-2016-4480	linux-raspi2 (Ubuntu Yakkety)	Low	New
1583960	CVE-2016-4480	linux-ti-omap4 (Ubuntu Yakkety)	Low	Invalid
1583960	CVE-2016-4480	linux (Ubuntu Xenial)	Low	New
1583960	CVE-2016-4480	linux-raspi2 (Ubuntu Xenial)	Low	New
1583960	CVE-2016-4480	linux-ti-omap4 (Ubuntu Xenial)	Low	Invalid
1583960	CVE-2016-4480	linux (Ubuntu Wily)	Low	New
1583960	CVE-2016-4480	linux-raspi2 (Ubuntu Wily)	Low	New
1583960	CVE-2016-4480	linux-ti-omap4 (Ubuntu Wily)	Low	Invalid
1583960	CVE-2016-4480	linux (Ubuntu Vivid)	Undecided	Won't Fix
1583960	CVE-2016-4480	linux-raspi2 (Ubuntu Vivid)	Undecided	Won't Fix
1583960	CVE-2016-4480	linux-ti-omap4 (Ubuntu Vivid)	Undecided	Won't Fix
1583960	CVE-2016-4480	linux (Ubuntu Trusty)	Low	New
1583960	CVE-2016-4480	linux-raspi2 (Ubuntu Trusty)	Low	Invalid
1583960	CVE-2016-4480	linux-ti-omap4 (Ubuntu Trusty)	Low	Invalid
1583960	CVE-2016-4480	linux (Ubuntu Precise)	Low	Won't Fix
1583960	CVE-2016-4480	linux-raspi2 (Ubuntu Precise)	Low	Invalid
1583960	CVE-2016-4480	linux-ti-omap4 (Ubuntu Precise)	Low	Won't Fix
1583960	CVE-2016-4480	linux-lts-trusty (Ubuntu)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-trusty (Ubuntu Precise)	Low	Won't Fix
1583960	CVE-2016-4480	linux-lts-trusty (Ubuntu Trusty)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-trusty (Ubuntu Vivid)	Undecided	Won't Fix
1583960	CVE-2016-4480	linux-lts-trusty (Ubuntu Wily)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-trusty (Ubuntu Xenial)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-trusty (Ubuntu Yakkety)	Low	Invalid
1583960	CVE-2016-4480	linux-armadaxp (Ubuntu)	Low	Invalid
1583960	CVE-2016-4480	linux-armadaxp (Ubuntu Precise)	Low	Won't Fix
1583960	CVE-2016-4480	linux-armadaxp (Ubuntu Trusty)	Low	Invalid
1583960	CVE-2016-4480	linux-armadaxp (Ubuntu Vivid)	Undecided	Won't Fix
1583960	CVE-2016-4480	linux-armadaxp (Ubuntu Wily)	Low	Invalid
1583960	CVE-2016-4480	linux-armadaxp (Ubuntu Xenial)	Low	Invalid
1583960	CVE-2016-4480	linux-armadaxp (Ubuntu Yakkety)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-xenial (Ubuntu)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-xenial (Ubuntu Precise)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-xenial (Ubuntu Trusty)	Low	New
1583960	CVE-2016-4480	linux-lts-xenial (Ubuntu Vivid)	Undecided	New
1583960	CVE-2016-4480	linux-lts-xenial (Ubuntu Wily)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-xenial (Ubuntu Xenial)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-xenial (Ubuntu Yakkety)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-vivid (Ubuntu)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-vivid (Ubuntu Precise)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-vivid (Ubuntu Trusty)	Low	New
1583960	CVE-2016-4480	linux-lts-vivid (Ubuntu Vivid)	Undecided	Won't Fix
1583960	CVE-2016-4480	linux-lts-vivid (Ubuntu Wily)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-vivid (Ubuntu Xenial)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-vivid (Ubuntu Yakkety)	Low	Invalid
1583960	CVE-2016-4480	linux-goldfish (Ubuntu)	Low	New
1583960	CVE-2016-4480	linux-goldfish (Ubuntu Precise)	Low	Invalid
1583960	CVE-2016-4480	linux-goldfish (Ubuntu Trusty)	Low	Invalid
1583960	CVE-2016-4480	linux-goldfish (Ubuntu Vivid)	Undecided	New
1583960	CVE-2016-4480	linux-goldfish (Ubuntu Wily)	Low	New
1583960	CVE-2016-4480	linux-goldfish (Ubuntu Xenial)	Low	New
1583960	CVE-2016-4480	linux-goldfish (Ubuntu Yakkety)	Low	New
1583960	CVE-2016-4480	linux-lts-saucy (Ubuntu)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-saucy (Ubuntu Precise)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-saucy (Ubuntu Trusty)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-saucy (Ubuntu Vivid)	Undecided	Won't Fix
1583960	CVE-2016-4480	linux-lts-saucy (Ubuntu Wily)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-saucy (Ubuntu Xenial)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-saucy (Ubuntu Yakkety)	Low	Invalid
1583960	CVE-2016-4480	linux-snapdragon (Ubuntu)	Low	New
1583960	CVE-2016-4480	linux-snapdragon (Ubuntu Precise)	Low	Invalid
1583960	CVE-2016-4480	linux-snapdragon (Ubuntu Trusty)	Low	Invalid
1583960	CVE-2016-4480	linux-snapdragon (Ubuntu Vivid)	Undecided	New
1583960	CVE-2016-4480	linux-snapdragon (Ubuntu Wily)	Low	Invalid
1583960	CVE-2016-4480	linux-snapdragon (Ubuntu Xenial)	Low	New
1583960	CVE-2016-4480	linux-snapdragon (Ubuntu Yakkety)	Low	New
1583960	CVE-2016-4480	linux-lts-wily (Ubuntu)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-wily (Ubuntu Precise)	Low	Invalid
1583960	CVE-2016-4480	linux-lts-wily (Ubuntu Trusty)	Low	New
1583960	CVE-2016-4480	linux-lts-wily (Ubuntu Vivid)	Undecided	New
1583960	CVE-2016-4480	linux-lts-wily (Ubuntu Wily)	Low	Invalid

Bug #1671760: Xen HVM guests running linux 4.10 fail to boot on Intel hosts

		In	Importance	Status
1671760	Xen HVM guests running linux 4.10 fail to boot on Intel hosts	xen (Ubuntu)	High	Fix Released
1671760	Xen HVM guests running linux 4.10 fail to boot on Intel hosts	xen (Ubuntu Zesty)	High	Fix Released
1671760	Xen HVM guests running linux 4.10 fail to boot on Intel hosts	xen (Ubuntu Trusty)	High	Fix Released
1671760	Xen HVM guests running linux 4.10 fail to boot on Intel hosts	xen (Ubuntu Yakkety)	High	Fix Released
1671760	Xen HVM guests running linux 4.10 fail to boot on Intel hosts	xen (Ubuntu Xenial)	High	Fix Released
1671760	Xen HVM guests running linux 4.10 fail to boot on Intel hosts	linux (Ubuntu)	Undecided	Won't Fix
1671760	Xen HVM guests running linux 4.10 fail to boot on Intel hosts	linux (Ubuntu Trusty)	Undecided	Invalid
1671760	Xen HVM guests running linux 4.10 fail to boot on Intel hosts	linux (Ubuntu Xenial)	Undecided	Invalid
1671760	Xen HVM guests running linux 4.10 fail to boot on Intel hosts	linux (Ubuntu Yakkety)	Undecided	Invalid
1671760	Xen HVM guests running linux 4.10 fail to boot on Intel hosts	linux (Ubuntu Zesty)	Undecided	Won't Fix

Bug #1671864: Xen stable update to 4.6.5

Summary				In	Importance	Status
	1671864	Xen stable update to 4.6.5		xen (Ubuntu)	Medium	Invalid
	1671864	Xen stable update to 4.6.5		xen (Ubuntu Xenial)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://xenbits.xen.org...
CONFIRM: http://www.oracle.com/...
DEBIAN: DSA-3633
BID: 90710
SECTRACK: 1035901