Xen 'memory_exchange()' Function Incomplete Fix Privilege Escalation Vulnerability

Xen is prone to a privilege-escalation vulnerability.

An attacker can exploit this issue to to gain elevated privileges.

Note: This issue is the result of an incomplete fix for the issue described in BID 56797 (Xen 'XENMEM_exchange' Local Privilege Escalation Vulnerability).

Information

Bugtraq ID: 97375
Class: Design Error
CVE: CVE-2017-7228

Remote: Yes
Local: No
Published: Apr 04 2017 12:00AM
Credit: Jann Horn of Google Project Zero.
Vulnerable: Xen Xen 4.8
Xen Xen 4.7
Xen Xen 4.6
Xen Xen 4.6.3
Xen Xen 4.5.3
Xen Xen 4.5.0
Xen Xen 4.4.1
Xen Xen 4.4.0
Redhat Enterprise Linux 5

Not Vulnerable:

References:

Xen Homepage (XenSource )
x86: broken check in memory_exchange() permits PV guest breakout (Xen)

Source: www.securityfocus.com

Exploit Collector

Search Exploit

Xen 'memory_exchange()' Function Incomplete Fix Privilege Escalation Vulnerability

Information