SB2017070803 - openSUSE update for Xen
Published: July 8, 2017 Updated: July 13, 2017
Security Bulletin ID
SB2017070803
Severity
Low
Patch available
YES
Number of vulnerabilities
11
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 11 secuirty vulnerabilities.
1) Privilege escalation (CVE-ID: CVE-2017-10912)
The vulnerability allows a local attacker to gain elevated privileges.The weakness exists due to improper handling of page transfer. A local OS attacker can gain host privileges on the target system.
Successful exploitation of the vulnerability results in privilege escalation.
2) Privilege escalation (CVE-ID: CVE-2017-10913)
The vulnerability allows a backend attacker to gain frontend privileges.The weakness exists due to improper mapping of information in certain cases of concurrent unmap calls by the grant-table feature in Xen. A backend attacker can read arbitrary files on the system or gain frontend privileges.
Successful exploitation of the vulnerability results in privilege escalation.
3) Race condition (CVE-ID: CVE-2017-10914)
The vulnerability allows a local attacker to cause DoS conditions.The weakness exists due to a race condition in the grant-table feature. A local attacker can trigger double free error and memory consumption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
4) Privilege escalation (CVE-ID: CVE-2017-10915)
The vulnerability allows a local attacker to gain elevated privileges.The weakness exists due to a race condition when managing page references by the shadow-paging feature.. A local OS attacker can gain Xen privileges on the target system.
Successful exploitation of the vulnerability results in privilege escalation.
5) Null pointer dereference (CVE-ID: CVE-2017-10917)
The vulnerability allows a local attacker to cause DoS conditions.The weakness exists due to improper validation of the port numbers of polled event channel ports. A local attacker can trigger NULL pointer dereference and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
6) Privilege escalation (CVE-ID: CVE-2017-10918)
The vulnerability allows a local attacker to gain elevated privileges.The weakness exists due to improper validation of memory allocations during certain P2M operations. A local OS attacker can gain host privileges on the target system.
Successful exploitation of the vulnerability results in privilege escalation.
7) Memory corruption (CVE-ID: CVE-2017-10920)
The vulnerability allows a local attacker to cause DoS conditions.The weakness exists due to improper handling of a GNTMAP_device_map and GNTMAP_host_map mapping by the grant-table feature, when followed by only a GNTMAP_host_map unmapping. A local attacker can trigger count mismanagement and memory corruption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
8) Memory corruption (CVE-ID: CVE-2017-10921)
The vulnerability allows a local attacker to cause DoS conditions.The weakness exists due to improper ensuring of sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping by the grant-table feature. A local attacker can trigger count mismanagement and memory corruption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
9) Memory corruption (CVE-ID: CVE-2017-10922)
The vulnerability allows a local attacker to cause DoS conditions.The weakness exists due to improper handling of MMIO region grant references by the grant-table feature. A local attacker can trigger loss of grant trackability and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
10) Memory corruption (CVE-ID: CVE-2017-8309)
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.11) Infinite loop (CVE-ID: CVE-2017-9330)
Quick Emulator built with the USB OHCI Emulation support is vulnerable to an infinite loop issue. It could occur while processing an endpoint list descriptor in ohci_service_ed_list(). A guest user/process could use this flaw to crash Qemu process resulting in DoS.Remediation
Install update from vendor's website.