High severity7.8NVD Advisory· Published Jan 23, 2017· Updated Jun 17, 2026
CVE-2016-9386
CVE-2016-9386
Description
The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
22- osv-coords20 versionspkg:rpm/opensuse/xen&distro=openSUSE%20Tumbleweedpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/xen&distro=SUSE%20Manager%202.1pkg:rpm/suse/xen&distro=SUSE%20Manager%20Proxy%202.1pkg:rpm/suse/xen&distro=SUSE%20OpenStack%20Cloud%205
< 4.15.1_01-1.2+ 19 more
- (no CPE)range: < 4.15.1_01-1.2
- (no CPE)range: < 4.5.5_02-22.3.1
- (no CPE)range: < 4.7.1_02-25.1
- (no CPE)range: < 4.2.5_21-30.1
- (no CPE)range: < 4.1.6_08-32.1
- (no CPE)range: < 4.2.5_21-30.1
- (no CPE)range: < 4.4.4_10-43.5
- (no CPE)range: < 4.5.5_02-22.3.1
- (no CPE)range: < 4.7.1_02-25.1
- (no CPE)range: < 4.4.4_05-22.25.1
- (no CPE)range: < 4.4.4_10-43.5
- (no CPE)range: < 4.4.4_05-22.25.1
- (no CPE)range: < 4.5.5_02-22.3.1
- (no CPE)range: < 4.7.1_02-25.1
- (no CPE)range: < 4.4.4_10-43.5
- (no CPE)range: < 4.5.5_02-22.3.1
- (no CPE)range: < 4.7.1_02-25.1
- (no CPE)range: < 4.2.5_21-30.1
- (no CPE)range: < 4.2.5_21-30.1
- (no CPE)range: < 4.2.5_21-30.1
Patches
Vulnerability mechanics
References
5- xenbits.xen.org/xsa/advisory-191.htmlnvdPatchVendor Advisory
- support.citrix.com/article/CTX218775nvdPatchThird Party Advisory
- www.securityfocus.com/bid/94471nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037340nvdThird Party AdvisoryVDB Entry
- security.gentoo.org/glsa/201612-56nvd
News mentions
0No linked articles in our index yet.