VDB

ALPINE-CVE-2016-9386

ALPINE-CVE-2016-9386 PUBLISHED CVSS 7.800000190734863 HIGH

The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.

Risk Scores

CVSS 3.0
7.800000190734863
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.7xen0, 4.7.1-r0, 0
Alpine:v3.23xen4.3.3-r0, 0, 4.7.1-r0
Alpine:v3.21xen4.7.1-r0, 4.0.1-r0, 4.0.1-r1
Alpine:v3.12xen4.7.1-r0, 0, 4.0.1-r1
Alpine:v3.20xen4.4.2-r1, 4.1.2-r7, 0
Alpine:v3.22xen0, 4.0.1-r0, 4.0.1-r1
Alpine:v3.9xen4.7.1-r0, 4.0.1-r0, 4.0.1-r1
Alpine:v3.5xen0, 0, 4.0.1-r0
Alpine:v3.8xen0, 4.0.1-r0, 4.0.1-r1
Alpine:v3.10xen4.2.1-r10, 0, 4.0.1-r1
Alpine:v3.16xen4.0.1-r2, 0, 4.7.1-r0
Alpine:v3.17xen4.7.1-r0, 0, 4.1.0-r2
Alpine:v3.19xen4.0.1-r1, 4.0.1-r0, 4.1.0-r0
Alpine:v3.13xen4.1.0-r0, 0, 0
Alpine:v3.18xen0, 4.7.1-r0, 4.7.0-r5
Alpine:v3.24xen0
Alpine:v3.14xen4.0.1-r2, 4.0.1-r3, 4.1.0-r0
Alpine:v3.6xen4.0.1-r0, 4.7.1-r0, 4.7.0-r5
Alpine:v3.15xen0, 4.0.1-r0, 4.0.1-r1
Alpine:v3.11xen0, 4.7.0-r5, 4.7.0-r4

Timeline

  • Jan 23, 2017 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 9, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›