#VU70613 Improper Privilege Management in Xen - CVE-2022-42327
Published: January 3, 2023
Vulnerability identifier: #VU70613
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/U:Green
CVE-ID: CVE-2022-42327
CWE-ID: CWE-269
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Xen
Xen
Software vendor:
Xen Project
Xen Project
Description
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to improper privilege management. A malicious guest is able to access unintended shared memory page, read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode.
Remediation
Install updates from vendor's website.
External links
- https://xenbits.xenproject.org/xsa/advisory-412.txt
- http://xenbits.xen.org/xsa/advisory-412.html
- http://www.openwall.com/lists/oss-security/2022/11/01/3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/