{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-14T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "28643", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28643"}, {"name": "oval:org.mitre.oval:def:9840", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9840"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7"}, {"name": "26954", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26954"}, {"name": "28146", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28146"}, {"name": "41344", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/41344"}, {"name": "RHSA-2008:0089", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0089.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6416", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "28643", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28643"}, {"name": "oval:org.mitre.oval:def:9840", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9840"}, {"name": "http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7", "refsource": "CONFIRM", "url": "http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7"}, {"name": "26954", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26954"}, {"name": "28146", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28146"}, {"name": "41344", "refsource": "OSVDB", "url": "http://osvdb.org/41344"}, {"name": "RHSA-2008:0089", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0089.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:02:36.663Z"}, "title": "CVE Program Container", "references": [{"name": "28643", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28643"}, {"name": "oval:org.mitre.oval:def:9840", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9840"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7"}, {"name": "26954", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26954"}, {"name": "28146", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28146"}, {"name": "41344", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/41344"}, {"name": "RHSA-2008:0089", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0089.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6416", "datePublished": "2007-12-17T23:00:00.000Z", "dateReserved": "2007-12-17T00:00:00.000Z", "dateUpdated": "2024-08-07T16:02:36.663Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xen:xen:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D3C0C052-D6BA-4BC8-A64B-1A90CA572186", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations."}, {"lang": "es", "value": "La funci\u00f3n copy_to_user en la funcionalidad del emulador PAL para Xen 3.1.2 y anteriores, cuando funciona sobre sistemas ia64, permite a un usuario invitado HVM acceder a la memoria f\u00edsica de su elecci\u00f3n a trav\u00e9s de un disparo de ciertas operaciones de mapeo."}], "id": "CVE-2007-6416", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-12-17T23:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/41344"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28146"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28643"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0089.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26954"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9840"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41344"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28146"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28643"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0089.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26954"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9840"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2008:0089", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-53.1.6.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2008-01-23T00:00:00Z"}], "bugzilla": {"description": "Security: vulnerability of copy_to_user in PAL emulation", "id": "425381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=425381"}, "csaw": false, "details": ["The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations."], "name": "CVE-2007-6416", "public_date": "2007-12-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-6416\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-6416"], "threat_severity": "Important"}

{}