Main Vulnerability Database Vulnerabilities #VU17900

Permissions, Privileges, and Access Controls in Xen - CVE-2019-17347

Published: March 5, 2019 / Updated: July 28, 2020

Vulnerability identifier: #VU17900

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-17347

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Xen Project

Affected software:
Xen

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the guest system.

The vulnerability exists due to incorrect implementation of the hardware supported fsgsbase feature. A local user or process on 64bit PV guest system can execute arbitrary code on the guest operating system with escalated privileges.

This vulnerability affects 64bit systems that are running on Intel IvyBridge and later hardware, and AMD Steamroller and later hardware.

How to mitigate CVE-2019-17347

Apply the following patches:

xsa293.meta
xsa293/4.7-1.patch
xsa293/4.7-2.patch
xsa293/4.7-3.patch
xsa293/4.8-1.patch
xsa293/4.8-2.patch
xsa293/4.8-3.patch
xsa293/4.9-1.patch
xsa293/4.9-2.patch
xsa293/4.10-1.patch
xsa293/4.10-2.patch
xsa293/4.11-1.patch
xsa293/4.11-2.patch
xsa293/unstable-1.patch
xsa293/unstable-2.patch

Sources

https://xenbits.xen.org/xsa/advisory-293.html

Permissions, Privileges, and Access Controls in Xen - CVE-2019-17347

Detailed vulnerability description

How to mitigate CVE-2019-17347

Sources

Please verify you're human