#VU7151 Privilege escalation in Xen - CVE-2017-10920
Published: June 21, 2017 / Updated: July 28, 2020
Vulnerability identifier: #VU7151
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-10920
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Xen
Xen
Software vendor:
Xen Project
Xen Project
Description
The vulnerability allows a local attacker to gain elevated privileges.
The weakness exists due to flaws in the mapping and unmapping of grant references. If a grant is mapped with both the GNTMAP_device_map and GNTMAP_host_map flags, but unmapped only with host_map, the device_map portion remains but the page reference counts are lowered as though it had been removed. This bug can be leveraged cause a page's reference counts and type counts to fall to zero while retaining writeable mappings to the page.
The weakness exists due to flaws in the mapping and unmapping of grant references. If a grant is mapped with both the GNTMAP_device_map and GNTMAP_host_map flags, but unmapped only with host_map, the device_map portion remains but the page reference counts are lowered as though it had been removed. This bug can be leveraged cause a page's reference counts and type counts to fall to zero while retaining writeable mappings to the page.
Remediation
Install update from vendor's website.