{
  "threat_severity" : "Important",
  "public_date" : "2016-07-26T00:00:00Z",
  "bugzilla" : {
    "description" : "xen: x86: Privilege escalation in PV guests (XSA-182)",
    "id" : "1355987",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1355987"
  },
  "cvss" : {
    "cvss_base_score" : "6.0",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:S/C:P/I:P/A:P",
    "status" : "draft"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
    "status" : "draft"
  },
  "details" : [ "The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.", "A vulnerability was found Xen's MMU emulation for x86 PV guests.  A malicious administrator of an x86 PV guest could control some of the page table bits, allowing potential control of memory and code execution in the host.  x86 HVM and ARM guests could not exploit this flaw." ],
  "acknowledgement" : "Red Hat would like to thank the Xen project for reporting this issue.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "xen",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-6258\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6258\nhttp://xenbits.xen.org/xsa/advisory-182.html" ],
  "name" : "CVE-2016-6258",
  "csaw" : false
}