Privilege escalation in Xen - CVE-2017-15592
Published: November 29, 2017
Vulnerability identifier: #VU9449
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-15592
CWE-ID: CWE-264
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Xen Project
Affected software:
Xen
Xen
Detailed vulnerability description
The vulnerability allows an adjacent attacker to cause DoS conditions or gain elevated privileges on the target system.
The weakness exists due to mishandling of self-linear shadow mappings for translated guests. An adjacent attacker can supply self-linear shadow mappings and cause the hypervisor to crash or possibly gain elevated privileges.
The weakness exists due to mishandling of self-linear shadow mappings for translated guests. An adjacent attacker can supply self-linear shadow mappings and cause the hypervisor to crash or possibly gain elevated privileges.
How to mitigate CVE-2017-15592
Install update from vendor's website.