Privilege escalation in Xen - CVE-2017-10913
Published: July 13, 2017
Vulnerability identifier: #VU7500
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-10913
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Xen Project
Affected software:
Xen
Xen
Detailed vulnerability description
The vulnerability allows a backend attacker to gain frontend privileges.
The weakness exists due to improper mapping of information in certain cases of concurrent unmap calls by the grant-table feature in Xen. A backend attacker can read arbitrary files on the system or gain frontend privileges.
Successful exploitation of the vulnerability results in privilege escalation.
The weakness exists due to improper mapping of information in certain cases of concurrent unmap calls by the grant-table feature in Xen. A backend attacker can read arbitrary files on the system or gain frontend privileges.
Successful exploitation of the vulnerability results in privilege escalation.
How to mitigate CVE-2017-10913
Install update from vendor's website.