Xen CVE-2018-12892 Local Security Bypass Vulnerability

Xen is prone to a local security-bypass vulnerability.

Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
Xen 4.7 and later are vulnerable.


Bugtraq ID: 104571
Class: Design Error
CVE: CVE-2018-12892

Remote: No
Local: Yes
Published: Jun 27 2018 12:00AM
Updated: Jun 27 2018 12:00AM
Credit: Andrew Reimers of OrionVM
Vulnerable: Xen Xen 4.9
Xen Xen 4.8
Xen Xen 4.7
Xen Xen 4.10

Not Vulnerable:


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Related Posts