Privilege escalation in Xen - CVE-2017-10918
Published: June 21, 2017 / Updated: July 28, 2020
Vulnerability identifier: #VU7153
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-10918
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Xen Project
Affected software:
Xen
Xen
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges.
The weakness exists due to a memory allocation error in the physical-to-machine (P2M) mapping. A local attacker on the guest system can access restricted memory to gain elevated privileges on the host system.
Successful exploitation of the vulnerability results in privilege escalation.
The weakness exists due to a memory allocation error in the physical-to-machine (P2M) mapping. A local attacker on the guest system can access restricted memory to gain elevated privileges on the host system.
Successful exploitation of the vulnerability results in privilege escalation.
How to mitigate CVE-2017-10918
Install update from vendor's website.