Vulnerability identifier: #VU65351
Vulnerability risk: Low
CVSSv3.1:
CVE-ID:
CWE-ID: CWE-200
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Xen (Server applications / Virtualization software)
Vendor: Xen Project
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists because the granularity of the grant table does not allow sharing less than a 4K page. As a result, unrelated data residing in the same 4K page as data shared with a backend is accessible by that backend. A local user can gain unauthorized access to sensitive information on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Xen: 4.13.0 - 4.16.1
CPE
External links
http://xenbits.xenproject.org/xsa/advisory-403.txt
http://xenbits.xen.org/xsa/advisory-403.html
http://www.openwall.com/lists/oss-security/2022/07/05/6
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP/