Vulnerability identifier: #VU65351
Vulnerability risk: Low
Exploitation vector: Local
Exploit availability: No
Vendor: Xen Project
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend. A local user can gain unauthorized access to sensitive information on the system.
Install updates from vendor's website.
Vulnerable software versions
Xen: 4.13.0 - 4.16.1
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?