Risk | Low |
Patch available | YES |
Number of vulnerabilities | 8 |
CVE-ID | CVE-2017-10912 CVE-2017-10913 CVE-2017-10914 CVE-2017-10915 CVE-2017-10918 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 |
CWE-ID | CWE-264 CWE-362 CWE-119 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Gentoo Linux Operating systems & Components / Operating system |
Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
EUVDB-ID: #VU7499
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10912
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges.
The weakness exists due to improper handling of page transfer. A local OS attacker can gain host privileges on the target system.
Successful exploitation of the vulnerability results in privilege escalation.
Update the affected packages.
app-emulation/xen to version: 4.7.3
app-emulation/xen-pvgrub to version: 4.7.3
app-emulation/xen-tools to version: 4.7.3
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/glsa/201710-17
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7500
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10913
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a backend attacker to gain frontend privileges.
The weakness exists due to improper mapping of information in certain cases of concurrent unmap calls by the grant-table feature in Xen. A backend attacker can read arbitrary files on the system or gain frontend privileges.
Successful exploitation of the vulnerability results in privilege escalation.
Update the affected packages.
app-emulation/xen to version: 4.7.3
app-emulation/xen-pvgrub to version: 4.7.3
app-emulation/xen-tools to version: 4.7.3
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/glsa/201710-17
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7501
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10914
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS conditions.
The weakness exists due to a race condition in the grant-table feature. A local attacker can trigger double free error and memory consumption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
app-emulation/xen to version: 4.7.3
app-emulation/xen-pvgrub to version: 4.7.3
app-emulation/xen-tools to version: 4.7.3
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/glsa/201710-17
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7502
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10915
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges.
The weakness exists due to a race condition when managing page references by the shadow-paging feature.. A local OS attacker can gain Xen privileges on the target system.
Successful exploitation of the vulnerability results in privilege escalation.
Update the affected packages.
app-emulation/xen to version: 4.7.3
app-emulation/xen-pvgrub to version: 4.7.3
app-emulation/xen-tools to version: 4.7.3
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/glsa/201710-17
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7504
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10918
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges.
The weakness exists due to improper validation of memory allocations during certain P2M operations. A local OS attacker can gain host privileges on the target system.
Successful exploitation of the vulnerability results in privilege escalation.
Update the affected packages.
app-emulation/xen to version: 4.7.3
app-emulation/xen-pvgrub to version: 4.7.3
app-emulation/xen-tools to version: 4.7.3
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/glsa/201710-17
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7505
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10920
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS conditions.
The weakness exists due to improper handling of a GNTMAP_device_map and GNTMAP_host_map mapping by the grant-table feature, when followed by only a GNTMAP_host_map unmapping. A local attacker can trigger count mismanagement and memory corruption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
app-emulation/xen to version: 4.7.3
app-emulation/xen-pvgrub to version: 4.7.3
app-emulation/xen-tools to version: 4.7.3
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/glsa/201710-17
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7506
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10921
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS conditions.
The weakness exists due to improper ensuring of sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping by the grant-table feature. A local attacker can trigger count mismanagement and memory corruption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
app-emulation/xen to version: 4.7.3
app-emulation/xen-pvgrub to version: 4.7.3
app-emulation/xen-tools to version: 4.7.3
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/glsa/201710-17
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7507
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10922
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS conditions.
The weakness exists due to improper handling of MMIO region grant references by the grant-table feature. A local attacker can trigger loss of grant trackability and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
app-emulation/xen to version: 4.7.3
app-emulation/xen-pvgrub to version: 4.7.3
app-emulation/xen-tools to version: 4.7.3
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/glsa/201710-17
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.