CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H
AI Score
Confidence
High
EPSS
Percentile
15.6%
[This CNA information record relates to multiple CVEs; the text explains
which aspects/vulnerabilities correspond to which CVE.] libfsimage contains
parsing code for several filesystems, most of them based on grub-legacy
code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as
the same user as the toolstack (root in a priviledged domain). At least one
issue has been reported to the Xen Security Team that allows an attacker to
trigger a stack buffer overflow in libfsimage. After further analisys the
Xen Security Team is no longer confident in the suitability of libfsimage
when run against guest controlled input with super user priviledges. In
order to not affect current deployments that rely on pygrub patches are
provided in the resolution section of the advisory that allow running
pygrub in deprivileged mode. CVE-2023-4949 refers to the original issue in
the upstream grub project (“An attacker with local access to a system
(either through a disk or external drive) can present a modified XFS
partition to grub-legacy in such a way to exploit a memory corruption in
grub’s XFS file system implementation.”) CVE-2023-34325 refers specifically
to the vulnerabilities in Xen’s copy of libfsimage, which is decended from
a very old version of grub.
Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |