Permissions, Privileges, and Access Controls in Xen

#VU17900 Permissions, Privileges, and Access Controls in Xen

Published: 2019-03-05 | Updated: 2020-07-28

Vulnerability identifier: #VU17900

Vulnerability risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-17347

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Xen
Server applications / Virtualization software

Vendor: Xen Project

Description
The vulnerability allows a local user to escalate privileges on the guest system.

The vulnerability exists due to incorrect implementation of the hardware supported fsgsbase feature. A local user or process on 64bit PV guest system can execute arbitrary code on the guest operating system with escalated privileges.

This vulnerability affects 64bit systems that are running on Intel IvyBridge and later hardware, and AMD Steamroller and later hardware.

Mitigation

Apply the following patches:

xsa293.meta
xsa293/4.7-1.patch
xsa293/4.7-2.patch
xsa293/4.7-3.patch
xsa293/4.8-1.patch
xsa293/4.8-2.patch
xsa293/4.8-3.patch
xsa293/4.9-1.patch
xsa293/4.9-2.patch
xsa293/4.10-1.patch
xsa293/4.10-2.patch
xsa293/4.11-1.patch
xsa293/4.11-2.patch
xsa293/unstable-1.patch
xsa293/unstable-2.patch

Vulnerable software versions

Xen: 4.1.0 - 4.11.1

External links
http://xenbits.xen.org/xsa/advisory-293.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Permissions, Privileges, and Access Controls in xen (Alpine package)

Debian update for xen

Multiple vulnerabilities in Xen