Main Vulnerability Database Vulnerabilities #VU17900

#VU17900 Permissions, Privileges, and Access Controls in Xen - CVE-2019-17347

Published: March 5, 2019 / Updated: July 28, 2020

Vulnerability identifier: #VU17900

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-17347

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Xen

Software vendor:
Xen Project

Description

The vulnerability allows a local user to escalate privileges on the guest system.

The vulnerability exists due to incorrect implementation of the hardware supported fsgsbase feature. A local user or process on 64bit PV guest system can execute arbitrary code on the guest operating system with escalated privileges.

This vulnerability affects 64bit systems that are running on Intel IvyBridge and later hardware, and AMD Steamroller and later hardware.

Remediation

Apply the following patches:

xsa293.meta
xsa293/4.7-1.patch
xsa293/4.7-2.patch
xsa293/4.7-3.patch
xsa293/4.8-1.patch
xsa293/4.8-2.patch
xsa293/4.8-3.patch
xsa293/4.9-1.patch
xsa293/4.9-2.patch
xsa293/4.10-1.patch
xsa293/4.10-2.patch
xsa293/4.11-1.patch
xsa293/4.11-2.patch
xsa293/unstable-1.patch
xsa293/unstable-2.patch

External links

https://xenbits.xen.org/xsa/advisory-293.html

#VU17900 Permissions, Privileges, and Access Controls in Xen - CVE-2019-17347

Description

Remediation

External links

Please verify you're human