#VU388 Privilege escalation in Xen - CVE-2016-7092

Cybersecurity Help s.r.o.

Published: 2016-09-09 | Updated: 2018-03-26

Vulnerability identifier: #VU388

Vulnerability risk: Low

CVSSv4.0: 8.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]

CVE-ID: CVE-2016-7092

CWE-ID: CWE-284

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Xen
Server applications / Virtualization software

Vendor: Xen Project

Description
The vulnerability allows local administrative user to get elevated privileges on the host system.

The vulnerability exists due to entrying of L3 code in 64-bit hypervisor by administrative user of 32-bit PV that allows him to gain privileges on the target system.

Successful exploitation of this vulnerability will result in gaining elevated privileges by the guest attacker.

Mitigation

Install patched version from vendor's website: xsa185.patch

Vulnerable software versions

Xen: 4.1.6 - 4.7.0

External links
https://xenbits.xen.org/xsa/advisory-185.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

Latest bulletins with this vulnerability

Gentoo update for Xen

SUSE Linux update for xen

Privilege escalation in xen (Alpine package)

Privilege escalation in Xen