Vulnerability identifier: #VU22536
Vulnerability risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Xen (Server applications / Virtualization software)
Vendor: Xen Project
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack or possibly escalate privileges.
The vulnerability exists due to the way Xen handles exceptions on ARM systems when the processor level does not change. A local user can force critical Xen code to run with interrupts erroneously enabled during exception entry, which may lead to data corruption, denial of service and potential privilege escalation.
Note, the vulnerability affects ARM systems only.
Mitigation
Applying the appropriate attached patch resolves this issue.
xsa303/*.patch: xen-unstable .. Xen 4.9
xsa303-4.8/*.patch: Xen 4.8
Vulnerable software versions
Xen: 4.8.0 - 4.9.4
External links
http://www.openwall.com/lists/oss-security/2019/10/31/5
http://xenbits.xen.org/xsa/advisory-303.html
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.