Xen 'memory_exchange()' Function Incomplete Fix Privilege Escalation Vulnerability

Xen is prone to a privilege-escalation vulnerability.

An attacker can exploit this issue to to gain elevated privileges.

Note: This issue is the result of an incomplete fix for the issue described in BID 56797 (Xen 'XENMEM_exchange' Local Privilege Escalation Vulnerability).


Bugtraq ID: 97375
Class: Design Error
CVE: CVE-2017-7228

Remote: Yes
Local: No
Published: Apr 04 2017 12:00AM
Credit: Jann Horn of Google Project Zero.
Vulnerable: Xen Xen 4.8
Xen Xen 4.7
Xen Xen 4.6
Xen Xen 4.6.3
Xen Xen 4.5.3
Xen Xen 4.5.0
Xen Xen 4.4.1
Xen Xen 4.4.0
Redhat Enterprise Linux 5

Not Vulnerable:

Related Posts