CVE 2016-9379
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
Related bugs and status
CVE-2016-9379 (Candidate) is related to these bugs:
Bug #1396670: gdbsx missing
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1396670 | gdbsx missing | xen (Ubuntu) | Medium | Fix Released | ||
| 1396670 | gdbsx missing | xen (Ubuntu Yakkety) | Medium | Fix Released | ||
Bug #1671760: Xen HVM guests running linux 4.10 fail to boot on Intel hosts
Bug #1671864: Xen stable update to 4.6.5
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1671864 | Xen stable update to 4.6.5 | xen (Ubuntu) | Medium | Invalid | ||
| 1671864 | Xen stable update to 4.6.5 | xen (Ubuntu Xenial) | Medium | Fix Released | ||
Bug #1672767: Xen stable update to 4.7.2
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1672767 | Xen stable update to 4.7.2 | xen (Ubuntu) | Medium | Invalid | ||
| 1672767 | Xen stable update to 4.7.2 | xen (Ubuntu Yakkety) | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
