Multiple vulnerabilities in libelf PV kernel handling

Advisory: XSA-55
Source: Xen Project (xenbits.xen.org)
Published: 2013-06-03 16:18:00

CVSS2: 6.9 Medium (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.001 Low (Percentile: 28.0%)

ISSUE DESCRIPTION

The ELF parser used by the Xen tools to read domains’ kernels and construct domains has multiple integer overflows, pointer dereferences based on calculations from unchecked input values, and other problems.
This corresponds to the following CVEs:
CVE-2013-2194 XEN XSA-55 integer overflows
CVE-2013-2195 XEN XSA-55 pointer dereferences
CVE-2013-2196 XEN XSA-55 other problems
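
An added example, not code from Xen or from the advisory, illustrating the integer-overflow class described above: a range check on input-supplied offset and size fields that wraps, beside an overflow-safe form applied before any pointer into the image is formed. The struct layouts, function names and sample values are constructed for illustration and are simplified stand-ins for real ELF headers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified header layouts for this example (not Xen's). */
struct hdr  { uint64_t phoff; uint16_t phentsize, phnum; };
struct phdr { uint64_t offset, filesz; };

/* Naive check: off + size can wrap past 2^64 and appear to be in range. */
static int range_ok_naive(uint64_t off, uint64_t size, uint64_t len)
{
    return off + size <= len;
}

/* Overflow-safe check: never computes off + size. */
static int range_ok(uint64_t off, uint64_t size, uint64_t len)
{
    return size <= len && off <= len - size;
}

/* Check the header table and every segment against the image length
 * before forming any pointer into it. Returns 0 if valid, -1 if not. */
int validate_image(const uint8_t *img, uint64_t len)
{
    struct hdr h;
    struct phdr p;

    if (!range_ok(0, sizeof h, len))
        return -1;
    memcpy(&h, img, sizeof h);              /* copy out, no unaligned reads */
    /* 16-bit * 16-bit widened to 64 bits cannot overflow. */
    if (h.phentsize < sizeof p ||
        !range_ok(h.phoff, (uint64_t)h.phnum * h.phentsize, len))
        return -1;
    for (uint32_t i = 0; i < h.phnum; i++) {
        memcpy(&p, img + h.phoff + (uint64_t)i * h.phentsize, sizeof p);
        if (!range_ok(p.offset, p.filesz, len))
            return -1;
    }
    return 0;
}

int main(void)
{
    uint64_t off = UINT64_MAX - 7;          /* constructed out-of-range offset */
    printf("naive=%d checked=%d\n",
           range_ok_naive(off, 16, 4096), range_ok(off, 16, 4096));
    return 0;
}
```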

IMPACT

A malicious PV domain administrator who can specify their own kernel can escalate their privilege to that of the domain construction tools (i.e., normally, to control of the host).
Additionally a malicious HVM domain administrator who is able to supply their own firmware (“hvmloader”) can do likewise; however we think this would be very unusual and it is unlikely that such configurations exist in production systems.

VULNERABLE SYSTEMS

All Xen versions are affected.
Installations which only allow the use of trustworthy kernels for PV domains are not affected.

CPE Name    Operator    Version
xen         eq          any