CVE-2016-4962

Name: CVE-2016-4962
Creator: NVD / NIST
Published: 2016-06-07T14:06:15.217+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.40%

Last modified Jun 17, 2026

CVE-2016-4962 is a vulnerability of currently unknown severity. The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.. EPSS estimates a 0.40% chance of exploitation in the next 30 days.

Description

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.

Metrics

EPSS Probability

0.40%

31.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Oracle	Vm Server	3.3
Oracle	Vm Server	3.4
Xen	Xen	4.3.0
Xen	Xen	4.3.1
Xen	Xen	4.3.2
Xen	Xen	4.3.3
Xen	Xen	4.3.4
Xen	Xen	4.4.0
Xen	Xen	4.4.1
Xen	Xen	4.4.2
Xen	Xen	4.4.3
Xen	Xen	4.4.4
Xen	Xen	4.5.0
Xen	Xen	4.5.1
Xen	Xen	4.5.2
Xen	Xen	4.5.3
Xen	Xen	4.6.0
Xen	Xen	4.6.1

References

http://www.debian.org/security/2016/dsa-3633
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlVendor Advisory
http://www.securityfocus.com/bid/91006
http://www.securitytracker.com/id/1036023Third Party Advisory, VDB Entry
http://xenbits.xen.org/xsa/advisory-175.htmlVendor Advisory
http://www.debian.org/security/2016/dsa-3633
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlVendor Advisory
http://www.securityfocus.com/bid/91006
http://www.securitytracker.com/id/1036023Third Party Advisory, VDB Entry
http://xenbits.xen.org/xsa/advisory-175.htmlVendor Advisory

Timeline

Published: Jun 7, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-4962?

How severe is CVE-2016-4962?

Severity scoring for CVE-2016-4962 is pending analysis. The EPSS model estimates a 0.40% probability of exploitation in the next 30 days.

How do I fix CVE-2016-4962?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-4962?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST