Gentoo update for Xen

1) Privilege escalation

EUVDB-ID: #VU6843

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-8903

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to an error in the GNTTABOP_transfer operation. A local attacker can use a specially crafted IRET hypercall, gain write access to kernel page tables and execute arbitrary code on the host OS with elevated privileges.

Successful exploitation of the vulnerability results in privilege escalation.

Mitigation

Update the affected packages to version:
app-emulation/xen-4.7.2-r1
app-emulation/xen-tools-4.7.2
app-emulation/xen-pvgrub-4.7.2

Vulnerable software versions

Gentoo app-emulation/xen-pvgrub: 4.7.1

Gentoo app-emulation/xen-tools: 4.7.1

Gentoo app-emulation/xen: 4.7.1

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201705-11

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Privilege escalation

EUVDB-ID: #VU6844

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-8904

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to an error in the GNTTABOP_transfer operation. A local attacker can transfer a page to another guest, access all of the system memory and execute arbitrary code on the host OS with elevated privileges.

Successful exploitation of the vulnerability results in privilege escalation.

Mitigation

Update the affected packages to version:
app-emulation/xen-4.7.2-r1
app-emulation/xen-tools-4.7.2
app-emulation/xen-pvgrub-4.7.2

Vulnerable software versions

Gentoo app-emulation/xen-pvgrub: 4.7.1

Gentoo app-emulation/xen-tools: 4.7.1

Gentoo app-emulation/xen: 4.7.1

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201705-11

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Privilege escalation

EUVDB-ID: #VU6845

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-8905

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to insufficient validation of user-supplied input. A local attacker can use a failsafe callback to modify part of a physical memory page, execute arbitrary code on the host OS with elevated privileges.

Successful exploitation of the vulnerability may result in privilege escalation.

Mitigation

Update the affected packages to version:
app-emulation/xen-4.7.2-r1
app-emulation/xen-tools-4.7.2
app-emulation/xen-pvgrub-4.7.2

Vulnerable software versions

Gentoo app-emulation/xen-pvgrub: 4.7.1

Gentoo app-emulation/xen-tools: 4.7.1

Gentoo app-emulation/xen: 4.7.1

Gentoo Linux: All versions

External links

http://security.gentoo.org/glsa/201705-11

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.