Veracode Vulnerability DatabaseVERACODE:28872Arbitrary Code Execution
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
xen is vulnerable to arbitrary code execution. The vulnerability exists access rights of Xenstore nodes are per domid, and existing granted access rights are not removed when a domain is being destroyed, allowing a new domain created with the same domid to inherit the access rights to Xenstore nodes from the previous domain(s) with the same domid. Xenstore entries of a guest below /local/domain/ are being deleted by Xen tools when a guest is destroyed, only Xenstore entries of other guests still running are affected.
References
www.openwall.com/lists/oss-security/2020/12/16/3
lists.fedoraproject.org/archives/list/[email protected]/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/
lists.fedoraproject.org/archives/list/[email protected]/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/
secdb.alpinelinux.org/v3.12/main.yaml
www.debian.org/security/2020/dsa-4812
xenbits.xenproject.org/xsa/advisory-322.html
Related
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P