Multiple vulnerabilities in Xen



Published: 2017-07-13
Risk: Low
Patch available: Yes
Number of vulnerabilities: 9
CVE-ID: CVE-2017-10912, CVE-2017-10913, CVE-2017-10914, CVE-2017-10915, CVE-2017-10917, CVE-2017-10918, CVE-2017-10920, CVE-2017-10921, CVE-2017-10922
CWE-ID: CWE-264, CWE-362, CWE-476, CWE-119
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Xen (Server applications / Virtualization software)

Vendor: Xen Project

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Privilege escalation

EUVDB-ID: #VU7499

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10912

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to improper handling of page transfer. A local OS attacker can gain host privileges on the target system.

Successful exploitation of the vulnerability results in privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.5.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-217.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Privilege escalation

EUVDB-ID: #VU7500

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10913

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a backend attacker to gain frontend privileges.

The weakness exists due to improper mapping of information in certain cases of concurrent unmap calls by the grant-table feature in Xen. A backend attacker can read arbitrary files on the system or gain frontend privileges.

Successful exploitation of the vulnerability results in privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.5.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-218.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Race condition

EUVDB-ID: #VU7501

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10914

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS conditions.

The weakness exists due to a race condition in the grant-table feature. A local attacker can trigger a double free error and excessive memory consumption and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.5.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-218.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Privilege escalation

EUVDB-ID: #VU7502

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10915

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to a race condition when managing page references in the shadow-paging feature. A local OS attacker can gain Xen privileges on the target system.

Successful exploitation of the vulnerability results in privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.4.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-219.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Null pointer dereference

EUVDB-ID: #VU7503

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10917

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS conditions.

The weakness exists due to improper validation of the port numbers of polled event channel ports. A local attacker can trigger a NULL pointer dereference and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 3.4.4 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-218.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Privilege escalation

EUVDB-ID: #VU7504

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10918

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to improper validation of memory allocations during certain P2M operations. A local OS attacker can gain host privileges on the target system.

Successful exploitation of the vulnerability results in privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.5.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-222.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory corruption

EUVDB-ID: #VU7505

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10920

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS conditions.

The weakness exists due to improper handling by the grant-table feature of a combined GNTMAP_device_map and GNTMAP_host_map mapping that is followed by only a GNTMAP_host_map unmapping. A local attacker can trigger reference count mismanagement and memory corruption and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.5.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-224.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory corruption

EUVDB-ID: #VU7506

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10921

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS conditions.

The weakness exists because the grant-table feature fails to ensure sufficient type counts for a combined GNTMAP_device_map and GNTMAP_host_map mapping. A local attacker can trigger reference count mismanagement and memory corruption and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.5.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-224.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory corruption

EUVDB-ID: #VU7507

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10922

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS conditions.

The weakness exists due to improper handling of MMIO region grant references by the grant-table feature. A local attacker can trigger loss of grant trackability and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.5.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-224.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
