SB2017101903 - Gentoo update for Xen
Published: October 19, 2017
Security Bulletin ID
SB2017101903
Severity
Low
Patch available
YES
Number of vulnerabilities
8
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 secuirty vulnerabilities.
1) Privilege escalation (CVE-ID: CVE-2017-10912)
The vulnerability allows a local attacker to gain elevated privileges.The weakness exists due to improper handling of page transfer. A local OS attacker can gain host privileges on the target system.
Successful exploitation of the vulnerability results in privilege escalation.
2) Privilege escalation (CVE-ID: CVE-2017-10913)
The vulnerability allows a backend attacker to gain frontend privileges.The weakness exists due to improper mapping of information in certain cases of concurrent unmap calls by the grant-table feature in Xen. A backend attacker can read arbitrary files on the system or gain frontend privileges.
Successful exploitation of the vulnerability results in privilege escalation.
3) Race condition (CVE-ID: CVE-2017-10914)
The vulnerability allows a local attacker to cause DoS conditions.The weakness exists due to a race condition in the grant-table feature. A local attacker can trigger double free error and memory consumption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
4) Privilege escalation (CVE-ID: CVE-2017-10915)
The vulnerability allows a local attacker to gain elevated privileges.The weakness exists due to a race condition when managing page references by the shadow-paging feature.. A local OS attacker can gain Xen privileges on the target system.
Successful exploitation of the vulnerability results in privilege escalation.
5) Privilege escalation (CVE-ID: CVE-2017-10918)
The vulnerability allows a local attacker to gain elevated privileges.The weakness exists due to improper validation of memory allocations during certain P2M operations. A local OS attacker can gain host privileges on the target system.
Successful exploitation of the vulnerability results in privilege escalation.
6) Memory corruption (CVE-ID: CVE-2017-10920)
The vulnerability allows a local attacker to cause DoS conditions.The weakness exists due to improper handling of a GNTMAP_device_map and GNTMAP_host_map mapping by the grant-table feature, when followed by only a GNTMAP_host_map unmapping. A local attacker can trigger count mismanagement and memory corruption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
7) Memory corruption (CVE-ID: CVE-2017-10921)
The vulnerability allows a local attacker to cause DoS conditions.The weakness exists due to improper ensuring of sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping by the grant-table feature. A local attacker can trigger count mismanagement and memory corruption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
8) Memory corruption (CVE-ID: CVE-2017-10922)
The vulnerability allows a local attacker to cause DoS conditions.The weakness exists due to improper handling of MMIO region grant references by the grant-table feature. A local attacker can trigger loss of grant trackability and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install update from vendor's website.