Multiple vulnerabilities in Xen

Published: 2019-03-06
Risk: Low
Patch available: Yes
Number of vulnerabilities: 9
CVE-ID: CVE-2019-17348, CVE-2019-17347, CVE-2019-17346, CVE-2019-17345, CVE-2019-17344, CVE-2019-17343, CVE-2019-17342, CVE-2019-17341, CVE-2019-17340
CWE-ID: CWE-399, CWE-264, CWE-362, CWE-284, CWE-401
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software: Xen (Server applications / Virtualization software)
Vendor: Xen Project

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Resource management error

EUVDB-ID: #VU17899

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-17348

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient TLB flushing when PCID is used on 64-bit x86 PV guest systems. A local user with access to the guest operating system can use a specially crafted program to crash the Xen host.

Mitigation

Apply the following patches:

Vulnerable software versions

Xen: 4.7.6 - 4.11.1

External links

http://xenbits.xen.org/xsa/advisory-294.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU17900

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-17347

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the guest system.

The vulnerability exists due to an incorrect implementation of the hardware-supported fsgsbase feature. A local user or process on a 64-bit PV guest system can execute arbitrary code on the guest operating system with escalated privileges.

This vulnerability affects 64-bit systems running on Intel Ivy Bridge and later hardware, and on AMD Steamroller and later hardware.

Mitigation

Apply the following patches:

Vulnerable software versions

Xen: 4.1.0 - 4.11.1

External links

http://xenbits.xen.org/xsa/advisory-293.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Race condition

EUVDB-ID: #VU17901

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-17346

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition when processing TLB flushes on a PCID-enabled guest system. A local user of the guest operating system can crash the host system or execute arbitrary code on other guests.

Only x86 systems with at least one PCID-enabled PV guest are vulnerable.

Mitigation

Apply patches:

Vulnerable software versions

Xen: 4.7.6 - 4.11.1

External links

http://xenbits.xen.org/xsa/advisory-292.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource management error

EUVDB-ID: #VU17902

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-17345

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error in page type reference counting when an IOMMU update fails. A local user of the guest operating system can use a specially crafted kernel to perform a denial of service attack against the host system.

Mitigation

Apply the patch:

Vulnerable software versions

Xen: 4.8.0 - 4.11.1

External links

http://xenbits.xen.org/xsa/advisory-291.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource management error

EUVDB-ID: #VU17903

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-17344

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error caused by missing preemption in x86 PV page table unvalidation. A local user of the guest operating system can use a specially crafted kernel to perform a denial of service attack against the host system.

Mitigation

Apply patches:

Vulnerable software versions

Xen: 4.7.0 - 4.11.1

External links

http://xenbits.xen.org/xsa/advisory-290.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU17904

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-17343

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure handling of PV domains and their related configuration. An untrusted PV domain with access to a physical device can DMA into its own page tables, leading to privilege escalation.

Mitigation

Apply patches:

Vulnerable software versions

Xen: 4.7.0 - 4.11.1

External links

http://xenbits.xen.org/xsa/advisory-288.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper access control

EUVDB-ID: #VU17905

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-17342

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the host system.

The vulnerability exists due to security violations in the page structure access control implementation introduced together with the XENMEM_exchange hypercall. A local user can leak arbitrary amounts of memory or use a cooperating pair of PV and HVM/PVH guests to obtain a writable page table entry and escalate privileges on the host operating system.

Mitigation

Apply the following patches:

Vulnerable software versions

Xen: 4.7.0 - 4.11.1

External links

http://xenbits.xen.org/xsa/advisory-287.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Race condition

EUVDB-ID: #VU17906

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-17341

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition when a passed-through PCI device is added to a domain that has already started: the IOMMU page tables then have to be constructed on the fly, which creates an attack window in which the PV guest has write access to them.

A local user can use a specially crafted application to perform write operations and alter such page tables without Xen auditing the changes, which may result in execution of arbitrary code with hypervisor privileges.

Mitigation

Apply the following patches:

Vulnerable software versions

Xen: 4.7.0 - 4.11.1

External links

http://xenbits.xen.org/xsa/advisory-285.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory leak

EUVDB-ID: #VU17907

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-17340

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a DoS attack or escalate privileges on the target system.

The vulnerability exists due to a memory leak when processing grant table transfer requests. A local user in one domain can gain access to data stored in memory that belongs to another domain, or consume all available memory resources on the system.

Successful exploitation of the vulnerability may allow an attacker to perform a denial of service attack or, in certain cases, to escalate privileges.

Mitigation

Apply the following patches:

Vulnerable software versions

Xen: 4.7.0 - 4.11.1

External links

http://xenbits.xen.org/xsa/advisory-284.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.