SUSE Linux update for xen
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 |
| CWE-ID | CWE-787 CWE-362 CWE-476 CWE-264 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SUSE Linux Operating systems & Components / Operating system |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU8424
Risk: Low
CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-14316
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to execute arbitrary code on the host system.
The weakness exists due to out-of-bounds array access in the processing of NUMA node
parameters. An adjacent attacker can invoke specially crafted hypercalls and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-09/msg00070.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Race condition
EUVDB-ID: #VU8426
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-14317
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition on the host system.
The weakness exists due to race condition in cxenstored. An adjacent attacker can shut down a virtual machine with a stubdomain, trigger a double-free memory error and cause the xenstored daemon to crash.
The vulnerability is exploitable on the systems running the C
version os xenstored ("xenstored") and running devicemodel stubdomains.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-09/msg00070.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Null pointer dereference
EUVDB-ID: #VU8425
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-14318
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to gain elevated privileges or cause DoS condition on the host system.
The weakness exists due to NULL pointer deference in certain GNTTABOP_cache_flush grant table operations. If exploited on x86-based PV guest systems without SMAP enabled, an adjacent attacker can gain elevated privileges. If exploited on ARM-based guest systems and x86-based PV guest systems that have SMAP enabled, an adjacent attacker can cause the host system to crash.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-09/msg00070.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Privilege escalation
EUVDB-ID: #VU8427
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-14319
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to gain elevated privileges or cause DoS condition on the host system.
The weakness exists due to a flaw in grant unmapping. A local attacker on
an x86 PV guest system can gain
elevated privileges on the host system or cause the hypervisor to crash.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-09/msg00070.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
