Vulnerability identifier: #VU73892
Vulnerability risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-1037
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Xen
Server applications /
Virtualization software
Vendor: Xen Project
Description
The vulnerability allows an attacker to escalate privileges on the system.
The vulnerability exists due to an oversight in the very original Spectre/Meltdown security work (XSA-254) caused by an unprotected RET instruction. An attacker with access to the guest OS can infer the contents of arbitrary host memory, including memory assigned to other guests.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Xen: All versions
External links
http://xenbits.xenproject.org/xsa/advisory-429.txt
http://xenbits.xen.org/xsa/advisory-429.html
http://www.openwall.com/lists/oss-security/2023/03/21/3
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.