10 vulnerabilities in the Xen hypervisor

Information has been published about 10 vulnerabilities in the Xen hypervisor. Five of them (CVE-2019-17341, CVE-2019-17342, CVE-2019-17340, CVE-2019-17346, CVE-2019-17343) potentially allow an attacker to escape the current guest environment and elevate privileges; one (CVE-2019-17347) allows an unprivileged process to gain control over the processes of other users in the same guest system; the remaining four (CVE-2019-17344, CVE-2019-17345, CVE-2019-17348, CVE-2019-17351) can cause a denial of service (host environment crash). The issues are fixed in Xen 4.12.1, 4.11.2 and 4.10.4.

  • CVE-2019-17341 - the ability to gain access at the hypervisor level from a guest system controlled by the attacker. The problem only occurs on x86 systems and can be exploited from guests running in paravirtualization (PV) mode by adding a new PCI device to a running guest. Guests running in HVM and PVH modes are not affected;
  • CVE-2019-17340 - a memory leak, potentially allowing an attacker to elevate privileges or access data belonging to other guest systems.
    The problem only occurs on hosts with more than 16TB of RAM on 64-bit systems and 168GB on 32-bit systems.
    The vulnerability can only be exploited from guest systems in PV mode (in HVM and PVH modes, when working through libxl, the vulnerability does not manifest itself);

  • CVE-2019-17346 - a vulnerability in the use of PCID (Process Context Identifiers) to improve the performance of the Meltdown mitigation
    allows access to data from other guest systems and potentially privilege escalation. The vulnerability can only be exploited from guests in PV mode on x86 systems (the problem does not appear in HVM and PVH modes, nor in configurations with no guests that have PCID enabled; PCID is enabled by default);

  • CVE-2019-17342 - a problem in the implementation of the XENMEM_exchange hypercall allows privilege escalation in environments with only one guest system. The vulnerability can only be exploited from guest systems in PV mode (the vulnerability does not appear in HVM and PVH modes);
  • CVE-2019-17343 - an incorrect IOMMU mapping makes it possible, when a guest system has been given access to a physical device, to use DMA to modify the guest's own page tables and gain access at the host level. The vulnerability manifests itself only in PV guest systems that have PCI passthrough rights.
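As an added example (not code from the advisory or the Xen project), the following triage script checks a host's Xen version against the fixed releases named above and lists which PV guests can still reach the five guest-escape CVEs. It assumes the `xl info` fields `xen_major`, `xen_minor` and `xen_extra`, and a hypothetical inventory of guests as (name, type, has_pci_passthrough) tuples; the `xl info` text and guest list below are constructed sample data.

```python
"""Exposure triage for the Xen advisory above (added example, not Xen project code)."""
import re

# Fixed point releases named in the advisory, keyed by stable branch.
FIXED = {(4, 12): 1, (4, 11): 2, (4, 10): 4}

# The five guest-escape CVEs; per the advisory all are reachable only from PV guests.
PV_ONLY = ["CVE-2019-17341", "CVE-2019-17340", "CVE-2019-17346",
           "CVE-2019-17342", "CVE-2019-17343"]

# Constructed sample `xl info` output for an unpatched 4.11 host.
SAMPLE_XL_INFO = """host                   : xenhost1
xen_major              : 4
xen_minor              : 11
xen_extra              : .1
xen_version            : 4.11.1
"""

# Constructed guest inventory: (name, guest type, PCI passthrough configured).
SAMPLE_GUESTS = [("web-pv", "pv", False), ("db-pv-pci", "pv", True),
                 ("win-hvm", "hvm", False), ("app-pvh", "pvh", False)]

def parse_xen_version(xl_info_text):
    """Return (major, minor, patch); xen_extra looks like '.1' or '.1-3.el7'."""
    fields = dict(re.findall(r"^(\w+)\s*:\s*(.*)$", xl_info_text, re.M))
    major, minor = int(fields["xen_major"]), int(fields["xen_minor"])
    m = re.match(r"\.(\d+)", fields.get("xen_extra", ""))
    return major, minor, (int(m.group(1)) if m else 0)

def host_is_fixed(version):
    """True if at/after the fix on this branch; None for branches the advisory does not cover."""
    major, minor, patch = version
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return None
    return patch >= fixed_patch

def exposed_guests(guests, version):
    """Map guest name -> CVEs it can reach on an unfixed host (empty when fixed)."""
    if host_is_fixed(version):
        return {}
    result = {}
    for name, gtype, has_pci in guests:
        if gtype != "pv":
            continue  # HVM and PVH guests are not affected by these five issues
        # CVE-2019-17343 additionally requires PCI passthrough rights.
        result[name] = [c for c in PV_ONLY if c != "CVE-2019-17343" or has_pci]
    return result

if __name__ == "__main__":
    v = parse_xen_version(SAMPLE_XL_INFO)
    print(v, host_is_fixed(v), exposed_guests(SAMPLE_GUESTS, v))
```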

Source: opennet.ru
