Privilege escalation in Xen - CVE-2017-8905
Published: May 31, 2017 / Updated: May 31, 2017
Vulnerability identifier: #VU6845
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8905
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Xen Project
Affected software:
Xen
Xen
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to insufficient validation of user-supplied input. A local attacker can use a failsafe callback to modify part of a physical memory page, execute arbitrary code on the host OS with elevated privileges.
Successful exploitation of the vulnerability may result in privilege escalation.
The weakness exists due to insufficient validation of user-supplied input. A local attacker can use a failsafe callback to modify part of a physical memory page, execute arbitrary code on the host OS with elevated privileges.
Successful exploitation of the vulnerability may result in privilege escalation.
How to mitigate CVE-2017-8905
Install update from vendor's website.