#VU49941 Race condition in Xen
Vulnerability identifier: #VU49941
Vulnerability risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-362
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Xen
Server applications /
Virtualization software
Vendor: Xen Project
Description
The vulnerability allows a local authenticated user to execute arbitrary code.
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Xen: 4.0.0 - 4.14.1
External links
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html
http://www.openwall.com/lists/oss-security/2021/01/19/7
http://xenbits.xen.org/xsa/advisory-345.html
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2/
http://security.gentoo.org/glsa/202011-06
http://www.debian.org/security/2020/dsa-4804
http://xenbits.xen.org/xsa/advisory-345.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
