Xen CVE-2018-12892 Local Security Bypass Vulnerability

Xen is prone to a local security-bypass vulnerability.

Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
Xen 4.7 and later are vulnerable.

Information

Bugtraq ID: 104571
Class: Design Error
CVE: CVE-2018-12892

Remote: No
Local: Yes
Published: Jun 27 2018 12:00AM
Updated: Jun 27 2018 12:00AM
Credit: Andrew Reimers of OrionVM
Vulnerable: Xen Xen 4.9
Xen Xen 4.8
Xen Xen 4.7
Xen Xen 4.10

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

Xen Homepage (XenSource )
Bug 1590984 - CVE-2018-12892 xsa-266 xen: libxl fails to honour readonly flag (Redhat)
CVE-2018-12892 (Redhat)
Xen Security Advisory 266 (CVE-2018-12892) - libxl fails to honour readonly flag (Seclists.org)

Source: www.securityfocus.com

Exploit Collector

Search Exploit