SB2016111503 - Gentoo update for Xen 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016111503

SB2016111503 - Gentoo update for Xen

Published: November 15, 2016 Updated: November 15, 2016

Security Bulletin ID SB2016111503
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Medium 20% Low 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Improper access control (CVE-ID: CVE-2016-6258)

The vulnerability allows a local authenticated user to execute arbitrary code.

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.


2) Privilege escalation (CVE-ID: CVE-2016-7092)

The vulnerability allows local administrative user to get elevated privileges on the host system.

The vulnerability exists due to entrying of L3 code in 64-bit hypervisor by administrative user of 32-bit PV that allows him to gain privileges on the target system.

Successful exploitation of this vulnerability will result in gaining elevated privileges by the guest attacker.

3) Access control error (CVE-ID: CVE-2016-7093)

The vulnerability allows local user to get elevated privileges on the host system.

The vulnerability exists due to instruction pointer truncation error that allows a local administrative user on the HVM guest system to gain priviliges on the target system.

Successful exploitation of this vulnerability will result in gaining elevated privileges by the guest attacker.

4) Buffer overflow (CVE-ID: CVE-2016-7094)

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.


5) Information disclosure (CVE-ID: CVE-2016-7777)

The vulnerability allows a local unprivileged user to obtain potentially sensitive information on the guest system.
The weakness is caused by insufficient access control mechanisms. A local unprivileged user of a guest operating system can trigger the Xen instruction emulator by attempting to execute an invalid opcode and read or modify FPU, MMX, and XMM register state data of another process within the same guest system.
Successful exploitation of the vulnerability leads to register state information disclosure and corruption.

Remediation

Install update from vendor's website.

References