7.4 High
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:S/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
26.7%
The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | xen | < 4.3.0-1 | xen_4.3.0-1_all.deb |
Debian | 11 | all | xen | < 4.3.0-1 | xen_4.3.0-1_all.deb |
Debian | 999 | all | xen | < 4.3.0-1 | xen_4.3.0-1_all.deb |
Debian | 13 | all | xen | < 4.3.0-1 | xen_4.3.0-1_all.deb |