#VU17905 Improper access control in Xen - CVE-2019-17342

Cybersecurity Help s.r.o.

Published: 2019-03-06 | Updated: 2020-07-28

Vulnerability identifier: #VU17905

Vulnerability risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-17342

CWE-ID: CWE-284

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Xen
Server applications / Virtualization software

Vendor: Xen Project

Description
The vulnerability allows a local user to escalate privileges on the host system.

The vulnerability exists due security violations within the page structure access control implementation with introduction of XENMEM_exchange hypercall. A local user can leak arbitrary amounts of memory or use a cooperating pair of PV and HVM/PVH guests to get a writable pagetable entry and escalate privileges on the host operating system.

Mitigation

Apply the following patches:

xsa287.meta
xsa287.patch
xsa287-4.7.patch
xsa287-4.8.patch
xsa287-4.9.patch
xsa287-4.10.patch
xsa287-4.11.patch

Vulnerable software versions

Xen: 4.7.0 - 4.11.1

External links
https://xenbits.xen.org/xsa/advisory-287.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Debian update for xen

Multiple vulnerabilities in Xen