Privilege escalation in xen (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-14319 |
| CWE-ID | CWE-264 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
xen (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Privilege escalation
EUVDB-ID: #VU8427
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-14319
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to gain elevated privileges or cause DoS condition on the host system.
The weakness exists due to a flaw in grant unmapping. A local attacker on
an x86 PV guest system can gain
elevated privileges on the host system or cause the hypervisor to crash.
Install update from vendor's website.
Vulnerable software versionsxen (Alpine package): 4.5.0-r0 - 4.6.3-r10
External linkshttp://git.alpinelinux.org/aports/commit/?id=777808728eee590185d5d0f60357c3e334fa40cd
http://git.alpinelinux.org/aports/commit/?id=88fbbb90ca25cd6378753538feb327abf36a30ac
http://git.alpinelinux.org/aports/commit/?id=91aea7ba80331c34e950b9ccb02e757d4471325c
http://git.alpinelinux.org/aports/commit/?id=902758ce76df95964c0d12e7cea24d7013cecf81
http://git.alpinelinux.org/aports/commit/?id=9e8bfa9f6da89fa610692d159505391749ab3bdf
http://git.alpinelinux.org/aports/commit/?id=37a17c61fd9573ea51e77597bf4cd57b127d48ea
http://git.alpinelinux.org/aports/commit/?id=ccc49b6e6d7e85267b83fd27bbbc66cd4c17417a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
