Multiple vulnerabilities in Xen



Published: 2017-06-21
Risk: Low
Patch available: YES
Number of vulnerabilities: 11
CVE-ID: CVE-2017-10913, CVE-2017-10914, CVE-2017-10912, CVE-2017-10911, CVE-2017-10915, CVE-2017-10917, CVE-2017-10916, CVE-2017-10923, CVE-2017-10920, CVE-2017-10919, CVE-2017-10918
CWE-ID: CWE-401, CWE-264, CWE-200, CWE-362, CWE-284, CWE-119
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Xen (Server applications / Virtualization software)

Vendor: Xen Project

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Privilege escalation

EUVDB-ID: #VU7139

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10913

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to memory reads and writes by a malicious backend. A local attacker can obtain potentially sensitive data or gain backend-to-frontend privileges.

Successful exploitation of the vulnerability results in privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.5.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-218.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Privilege escalation

EUVDB-ID: #VU7140

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10914

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a memory leak. A local attacker can probably cause reference counts to leak, obtain potentially sensitive data or gain host privileges.

Successful exploitation of the vulnerability results in privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.5.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-218.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Privilege escalation

EUVDB-ID: #VU7145

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10912

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a flaw in the page transfer function (GNTTABOP_transfer). A local attacker on two guest systems (a PV and an HVM guest) can obtain potentially sensitive data or gain elevated privileges.

Successful exploitation of the vulnerability results in privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.5.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-217.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU7146

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10911

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information from another guest system or the host system.

The weakness exists due to improper initialization of some fields of the block interface (blkif) response structure. A local attacker can read arbitrary files from stack memory.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.4.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-216.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Privilege escalation

EUVDB-ID: #VU7147

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10915

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to a race condition in shadow paging emulation. A local attacker on two guest systems can gain host privileges.

Successful exploitation of the vulnerability results in privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.4.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-219.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Denial of service

EUVDB-ID: #VU7148

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10917

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local attacker on the guest system to cause a DoS condition.

The weakness exists due to an access control flaw in the hypervisor's event channel polling. A local attacker can cause the target host system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.4.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-221.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information disclosure

EUVDB-ID: #VU7149

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10916

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the host system.

The weakness exists due to an information leak. A local attacker on a guest system that uses the Memory Protection Extensions (MPX) and Protection Key (PKU) features and manually context switches between vCPUs can obtain potentially sensitive control information about guest address space pointers on the target system.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.5.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-220.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Denial of service

EUVDB-ID: #VU7150

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10923

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the host system.

The weakness exists due to an array access error. A local user on the guest system can send specially crafted software generated interrupts to vCPUs that use the MMIO register GICD_SGIR (GICv2) or System Register ICC_SGI1R (GICv3) and cause the hypervisor to crash.

Successful exploitation of the vulnerability results in denial of service.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.6.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-225.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Privilege escalation

EUVDB-ID: #VU7151

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10920

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to flaws in the mapping and unmapping of grant references. If a grant is mapped with both the GNTMAP_device_map and GNTMAP_host_map flags, but unmapped only with host_map, the device_map portion remains but the page reference counts are lowered as though it had been removed. This bug can be leveraged to cause a page's reference counts and type counts to fall to zero while retaining writeable mappings to the page.
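The accounting mismatch described above, as an added illustrative model (not Xen's grant-table code): a page keeps one reference per active mapping kind and one type count per active writable mapping kind, a grant is mapped with both GNTMAP_host_map and GNTMAP_device_map, and the host half is then unmapped. The flag bit values, the counter layout and the `counts_consistent` invariant are assumptions of this model; only the flag names and the described behaviour come from the advisory. The flawed variant releases counts for every kind originally mapped, the corrected variant only for the kinds actually removed.

```python
"""Illustrative model of grant-mapping reference accounting (added example,
not Xen code). It reproduces the bookkeeping error the advisory describes
and contrasts it with corrected bookkeeping plus an invariant check."""
from dataclasses import dataclass

# Flag bit values are constructed for this model; the names are from the advisory.
GNTMAP_host_map = 1 << 0
GNTMAP_device_map = 1 << 1
ALL_KINDS = (GNTMAP_host_map, GNTMAP_device_map)


@dataclass
class Page:
    """Hypothetical per-page counters: one reference per active mapping kind,
    one type count per active writable mapping kind."""
    ref_count: int = 0
    type_count: int = 0


@dataclass
class Mapping:
    """One grant mapping and which kinds (host/device) are still active."""
    page: Page
    writable: bool
    original_flags: int
    active_flags: int


def map_grant(page: Page, flags: int, writable: bool) -> Mapping:
    """Map a grant; every requested kind takes a reference (and a type count
    when the mapping is writable)."""
    for kind in ALL_KINDS:
        if flags & kind:
            page.ref_count += 1
            if writable:
                page.type_count += 1
    return Mapping(page, writable, flags, flags)


def unmap_buggy(m: Mapping, flags: int) -> None:
    """Flawed accounting: only the requested kinds are deactivated, but the
    counts are released for every kind that was originally mapped."""
    m.active_flags &= ~flags
    for kind in ALL_KINDS:
        if m.original_flags & kind:
            m.page.ref_count -= 1
            if m.writable:
                m.page.type_count -= 1


def unmap_fixed(m: Mapping, flags: int) -> None:
    """Corrected accounting: release counts only for kinds that are active
    and are removed by this call (so a repeated unmap releases nothing)."""
    removed = m.active_flags & flags
    m.active_flags &= ~flags
    for kind in ALL_KINDS:
        if removed & kind:
            m.page.ref_count -= 1
            if m.writable:
                m.page.type_count -= 1


def counts_consistent(page: Page, mappings: list) -> bool:
    """Invariant a correct implementation must keep: counters equal the
    number of active (writable) mapping kinds across all mappings."""
    active = sum(bin(m.active_flags).count("1") for m in mappings)
    writable = sum(bin(m.active_flags).count("1") for m in mappings if m.writable)
    return page.ref_count == active and page.type_count == writable


def scenario(unmap) -> tuple:
    """Map writable with both kinds, then unmap host_map only. Returns
    (ref_count, type_count, device mapping still active, invariant holds)."""
    page = Page()
    m = map_grant(page, GNTMAP_host_map | GNTMAP_device_map, writable=True)
    unmap(m, GNTMAP_host_map)
    still_device = bool(m.active_flags & GNTMAP_device_map)
    return page.ref_count, page.type_count, still_device, counts_consistent(page, [m])


if __name__ == "__main__":
    print("buggy:", scenario(unmap_buggy))  # (0, 0, True, False)
    print("fixed:", scenario(unmap_fixed))  # (1, 1, True, True)
```

With the flawed bookkeeping the page's counts reach zero while the device mapping is still active and writable, which is exactly the state the advisory warns about; the corrected bookkeeping leaves one reference and one type count for the surviving mapping, and the invariant check is the kind of assertion a regression test for such accounting should carry.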

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.5.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-224.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Denial of service

EUVDB-ID: #VU7152

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10919

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the host system.

The weakness exists due to a missing check. A local attacker can send a software generated interrupt to a vCPU or configure timers and cause the host system to crash.

Successful exploitation of the vulnerability results in denial of service.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.5.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-223.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Privilege escalation

EUVDB-ID: #VU7153

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-10918

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to a memory allocation error in the physical-to-machine (P2M) mapping. A local attacker on the guest system can access restricted memory to gain elevated privileges on the host system.

Successful exploitation of the vulnerability results in privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.5.0 - 4.8.1

External links

http://xenbits.xen.org/xsa/advisory-222.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
