Fedora 25 update for xen
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2017-8903 CVE-2017-8904 CVE-2017-8905 |
| CWE-ID | CWE-264 CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system xen Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Privilege escalation
EUVDB-ID: #VU6843
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-8903
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to an error in the GNTTABOP_transfer operation. A local attacker can use a specially crafted IRET hypercall, gain write access to kernel page tables and execute arbitrary code on the host OS with elevated privileges.
Successful exploitation of the vulnerability results in privilege escalation.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
xen: before 4.7.2-6.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-5ae70ac6a5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Privilege escalation
EUVDB-ID: #VU6844
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-8904
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to an error in the GNTTABOP_transfer operation. A local attacker can transfer a page to another guest, access all of the system memory and execute arbitrary code on the host OS with elevated privileges.
Successful exploitation of the vulnerability results in privilege escalation.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
xen: before 4.7.2-6.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-5ae70ac6a5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Privilege escalation
EUVDB-ID: #VU6845
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-8905
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to insufficient validation of user-supplied input. A local attacker can use a failsafe callback to modify part of a physical memory page, execute arbitrary code on the host OS with elevated privileges.
Successful exploitation of the vulnerability may result in privilege escalation.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 25
xen: before 4.7.2-6.fc25
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2017-5ae70ac6a5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
