7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.9%
The Xen Project reports:
The code to validate level 2 page table entries is bypassed when
certain conditions are satisfied. This means that a PV guest can
create writable mappings using super page mappings. Such writable
mappings can violate Xen intended invariants for pages which Xen is
supposed to keep read-only. This is possible even if the
“allowsuperpage” command line option is not used.
Malicious PV guest administrators can escalate privilege so as to
control the whole system.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | xen-kernel | = 3.4 | UNKNOWN |
FreeBSD | any | noarch | xen-kernel | < 4.5.1_1 | UNKNOWN |