Permissions, Privileges, and Access Controls in xen (Alpine package)

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU17900

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-17347

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the guest system.

The vulnerability exists due to incorrect implementation of the hardware supported fsgsbase feature. A local user or process on 64bit PV guest system can execute arbitrary code on the guest operating system with escalated privileges.

This vulnerability affects 64bit systems that are running on Intel IvyBridge and later hardware, and AMD Steamroller and later hardware.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Systems Director: 6.3.2.2

xen (Alpine package): 4.63-15

xen (Alpine package): 3.1.6.1-1

xen (Alpine package): 2.55-2 - 2.72-1

xen (Alpine package): 2.2.0.3-2ubuntu5

xen (Alpine package): 3.5.11.2003.06.04-3

xen (Alpine package): 5.4-2ubuntu1

xen (Alpine package): 5.4b-1

xen (Alpine package): 0.15

xen (Alpine package): 0.18ubuntu0.2 - 0.32

xen (Alpine package): 0.3.6.0amd12 - 1.12.9

xen (Alpine package): 1.9.9-3 - 1.9.10-1

xen (Alpine package): 0.48-4

xen (Alpine package): 0.9b-20040421-1 - 1.1-20120215-2

xen (Alpine package): 0.16 - 0.35

xen (Alpine package): 0.2 - 0.9

xen (Alpine package): 0.4

xen (Alpine package): 2.5.3 - 2.17.5ubuntu1

xen (Alpine package): 3.4.0-1

xen (Alpine package): 0.14-1 - 0.15-2

xen (Alpine package): 2014.1-3

xen (Alpine package): 24.0-0ubuntu1

xen (Alpine package): 0.5.2-0ubuntu1 - 1.2.5ubuntu1daily13.06.14-0ubuntu1

xen (Alpine package): 3.0-0ubuntu1

xen (Alpine package): 1.5.2 - 1.6.2

xen (Alpine package): 0.1.8 - 1.0.75

xen (Alpine package): 1.20.0 - 2.18.2

xen (Alpine package): 20101020ubuntu323 - 20101020ubuntu468

xen (Alpine package): 0.2.12 - 1.5.49

xen (Alpine package): 1.8.8-2ubuntu1

xen (Alpine package): 0.2.8-8 - 0.2.11-1

xen (Alpine package): 0.3 - 1.8.42

xen (Alpine package): 5.3.28-3 - 5.3.28-4

xen (Alpine package): 1.5

xen (Alpine package): 0.4.5 - 0.5.8-2.2

xen (Alpine package): 0.2.11-1build1

xen (Alpine package): 0.63

xen (Alpine package): 0.3.1-0ubuntu1 - 0.10.0-3

xen (Alpine package): 0.13-1 - 0.22.1-2

xen (Alpine package): 2.1.0-2 - 2.1.26.dfsg1-14

xen (Alpine package): 0.5.16-3.5ubuntu1 - 0.5.17-6

xen (Alpine package): 1.3-1 - 1.3-3

xen (Alpine package): 5.11-1 - 7.35.0-1

xen (Alpine package): 1.3.9-17 - 2.0.3-2

xen (Alpine package): 0.1.2-1 - 0.2.6-1ubuntu1

xen (Alpine package): 1.0.47-2 - 1.0.64-0ubuntu1

xen (Alpine package): 2.1-3-dfsg-1 - 2.1-3-dfsg-2

xen (Alpine package): 0.100-3

xen (Alpine package): 2:1.0.6-2ubuntu7 - 2:1.6.4-1

xen (Alpine package): 0.8 - 9ubuntu2

xen (Alpine package): 3.0pl1-50 - 3.0pl1-119

xen (Alpine package): 1.0.0-0ubuntu1 - 1.0.0-0ubuntu2

xen (Alpine package): expression - 7.1.1-1

xen (Alpine package): 2.8.13-7 - 2.8.13-10

xen (Alpine package): 2.4.2-16 - 2.7-1

xen (Alpine package): 0.92-0ubuntu3 - 0.98-1

xen (Alpine package): 4.5.7-1 - 8.20-3ubuntu4

xen (Alpine package): 0.2.10-3 - 0.4.6-3

xen (Alpine package): 1.5 - 1.141

xen (Alpine package): 1:0.8.6-0ubuntu4 - 1:0.9.7.6-0ubuntu2

xen (Alpine package): 0.3ubuntu7 - 0.3ubuntu15.2

xen (Alpine package): 1.2.12-1ubuntu1 - 1.2.12-1

xen (Alpine package): 0.7-svn20050721 - 1.4.29-1

xen (Alpine package): 2.8.12.1-1.6 - 3.9.0-1

xen (Alpine package): 1.0.5-2 - 1.0.8-3

xen (Alpine package): 0.25-0ubuntu1 - 0.25-0ubuntu3

xen (Alpine package): 0.9-0ubuntu1 - 0.12-0ubuntu1

xen (Alpine package): 4.8.9

xen (Alpine package): 3.0.4

xen (Alpine package): 2.1.0

xen (Alpine package): 1.4.17

xen (Alpine package): 2.2.0b2

xen (Alpine package): r12.0 nil

xen (Alpine package): 3.0

xen (Alpine package):

CPE2.3

• cpe:2.3:a:ibm_corporation:ibm_systems_director:6.3.2.2:*:*:*:*:*:*:*
• cpe:2.3:a:alpine:xen_alpine_package:4.63-15:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:3.1.6.1-1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:2.55-2:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:2.72-1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:2.2.0.3-2ubuntu5:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:3.5.11.2003.06.04-3:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:5.4-2ubuntu1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:5.4b-1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.15:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.18ubuntu0.2:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.3.6.0amd12:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:1.9.9-3:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.48-4:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.9b-20040421-1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.16:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.2:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.4:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:2.5.3:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:3.4.0-1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.14-1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:2014.1-3:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:24.0-0ubuntu1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.5.2-0ubuntu1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:3.0-0ubuntu1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:1.5.2:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.1.8:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:1.20.0:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:20101020ubuntu323:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.2.12:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:1.8.8-2ubuntu1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.2.8-8:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.3:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:5.3.28-3:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:1.5:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.4.5:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.2.11-1build1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.63:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.3.1-0ubuntu1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.13-1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:2.1.0-2:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.5.16-3.5ubuntu1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:1.3-1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:5.11-1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:1.3.9-17:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.1.2-1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:1.0.47-2:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:2.1-3-dfsg-1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.100-3:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:2:1.0.6-2ubuntu7:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.8:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:3.0pl1-50:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:1.0.0-0ubuntu1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:expression:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:2.8.13-7:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:2.4.2-16:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.92-0ubuntu3:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:4.5.7-1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.2.10-3:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:1.5:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:1:0.8.6-0ubuntu4:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.3ubuntu7:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:1.2.12-1ubuntu1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.7-svn20050721:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:2.8.12.1-1.6:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:1.0.5-2:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.25-0ubuntu1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:0.9-0ubuntu1:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:4.8.9:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:3.0.4:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:2.1.0:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:1.4.17:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:2.2.0b2:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:r12.0 nil:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package:3.0:*:*:*:*:alpine_linux:*:*
• cpe:2.3:a:alpine:xen_alpine_package::*:*:*:*:alpine_linux:*:*

External links

https://git.alpinelinux.org/aports/commit/?id=e42bcd9d2c39e861c980adebf91418ddbe72bd21

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.