Xen PV Pagetable Update Flaw Lets Local Users on an X86 PV Guest System Gain Elevated Privileges on the Host System
|
SecurityTracker Alert ID: 1036446 |
SecurityTracker URL: http://securitytracker.com/id/1036446
|
CVE Reference: CVE-2016-6258
|
Date: Jul 26 2016
|
Impact:
User access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 4.3.x, 4.4.x, 4.5.x, 4.6.x, 4.7.x
|
Description:
A vulnerability was reported in Xen. A local user on the guest system can gain elevated privileges on the host system.
A local administrative user on a PV guest system can exploit a flaw in the updating of PV pagetable entries to gain elevated privileges on the host system.
PV guests on x86 hardware are affected.
x86 HVM guests and ARM guests are not affected.
Jeremie Boutoille of Quarkslab reported this vulnerability.
|
Impact:
A local administrative user on the guest system can gain elevated privileges on the host system.
|
Solution:
The vendor has issued a fix (xsa182-4.5.patch, xsa182-4.6.patch, and xsa182.patch).
The vendor's advisory is available at:
http://xenbits.xen.org/xsa/advisory-182.html
|
Vendor URL: xenbits.xen.org/xsa/advisory-182.html
|
Cause:
Access control error
|
Underlying OS: Linux (Any)
|