SB2020040417 - Permissions, Privileges, and Access Controls in xen (Alpine package)
Published: April 4, 2020
Security Bulletin ID
SB2020040417
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-17347)
The vulnerability allows a local user to escalate privileges on the guest system.The vulnerability exists due to incorrect implementation of the hardware supported fsgsbase feature. A local user or process on 64bit PV guest system can execute arbitrary code on the guest operating system with escalated privileges.
This vulnerability affects 64bit systems that are running on Intel IvyBridge and later hardware, and AMD Steamroller and later hardware.
Remediation
Install update from vendor's website.