Privilege escalation in xen (Alpine package)

1) Privilege escalation

EUVDB-ID: #VU388

Risk: Low

CVSSv4.0: 8.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]

CVE-ID: CVE-2016-7092

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows local administrative user to get elevated privileges on the host system.

The vulnerability exists due to entrying of L3 code in 64-bit hypervisor by administrative user of 32-bit PV that allows him to gain privileges on the target system.

Successful exploitation of this vulnerability will result in gaining elevated privileges by the guest attacker.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Systems Director: 6.3.2.2

xen (Alpine package): 22-1ubuntu1 - 22-1ubuntu4

xen (Alpine package): 0.2 - 0.9

xen (Alpine package): 0.4

xen (Alpine package): 2.5.3 - 2.17.5ubuntu1

xen (Alpine package): 3.4.0-1

xen (Alpine package): 0.14-1 - 0.15-2

xen (Alpine package): 2014.1-3

xen (Alpine package): 24.0-0ubuntu1

xen (Alpine package): 0.5.2-0ubuntu1 - 1.2.5ubuntu1daily13.06.14-0ubuntu1

xen (Alpine package): 3.0-0ubuntu1

xen (Alpine package): 1.21.0

xen (Alpine package): 1.2.1-2 - 1.9.4-1

xen (Alpine package): 0.2.9-1 - 0.2.11-1

xen (Alpine package): 0.5 - 1.8.37-0.1

xen (Alpine package): 5.3.28-3 - 5.3.28-4

xen (Alpine package): 1.5

xen (Alpine package): 0.4.5

xen (Alpine package): 0.3.1-0ubuntu1 - 0.10.0-3

xen (Alpine package): 1.5.3-2.6 - 2.0.3-2

xen (Alpine package): 0.100-3

xen (Alpine package): 2:1.0.6-6ubuntu2 - 2:1.6.4-1

xen (Alpine package): 1.1

xen (Alpine package): 3.0pl1-51 - 3.0pl1-119

xen (Alpine package): 1.0.0-0ubuntu2

xen (Alpine package): 2.4.2-16 - 2.4.2-38

xen (Alpine package): 0.98-1

xen (Alpine package): 4.5.8-1 - 8.20-3ubuntu4

xen (Alpine package): 0.2.10-4 - 0.4.6-3

xen (Alpine package): 1.34

xen (Alpine package): 1:0.8.6-0ubuntu4 - 1:0.9.7.6-0ubuntu2

xen (Alpine package): 2.8.12.1-1.6

xen (Alpine package): 2.1.0

xen (Alpine package):

xen (Alpine package): before 4.4.4-r1

CPE2.3

• cpe:2.3:a:ibm_corporation:ibm_systems_director:6.3.2.2:*:*:*:*:*:*:*
• cpe:2.3:o:alpine:xen_alpine_package:22-1ubuntu1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:22-1ubuntu2:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:22-1ubuntu4:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:0.2:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:0.8:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:0.9:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:0.4:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:2.5.3:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:2.6.2:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:3.4.0-1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:0.14-1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:2014.1-3:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:24.0-0ubuntu1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:0.5.2-0ubuntu1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:3.0-0ubuntu1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:1.21.0:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:1.2.1-2:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:0.2.9-1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:0.5:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:5.3.28-3:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:1.5:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:0.4.5:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:0.3.1-0ubuntu1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:1.5.3-2.6:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:0.100-3:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:2:1.0.6-6ubuntu2:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:1.1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:3.0pl1-51:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:1.0.0-0ubuntu2:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:2.4.2-16:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:0.98-1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:4.5.8-1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:0.2.10-4:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:1.34:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:1:0.8.6-0ubuntu4:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:2.8.12.1-1.6:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:2.1.0:*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package::*:*:*:*:alpine_linux:*:*
• cpe:2.3:o:alpine:xen_alpine_package:*:*:*:*:*:alpine_linux:*:3.1

External links

https://git.alpinelinux.org/aports/commit/?id=68368249e3421886c66d79df3bd184f6ff617041
https://git.alpinelinux.org/aports/commit/?id=5c041535044ad1c1cedc665c2d20f860fd0d58f3
https://git.alpinelinux.org/aports/commit/?id=716fb7870a1867cea94cca60f29602002a6f6f21
https://git.alpinelinux.org/aports/commit/?id=e0820355243b6bca932690909185512b442abafc

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.