ubuntu · CVE-2016-9637

Quick triage

Priority: medium Published: 2017-02-17 02:59:00 UTC Updated: 2025-08-25 22:14:37 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-9637 medium priority: Ubuntu including 3 source packages (qemu, qemu-kvm, xen), 15 status rows across 5 suites (precise, trusty, upstream, xenial, yakkety): not-affected 6, DNE 4, needs-triage 3, released 2.

Description:

The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.

cvelogic Threat Intelligence