V-128: Xen Event Channel Tracking Pointer Bug Local Privilege Escalation

April 8, 2013 - 12:28am

PLATFORM:

Version(s): 3.2 and later

ABSTRACT:

A vulnerability was reported in Xen.

REFERENCE LINKS:

SecurityTracker Alert ID: 1028388
CVE-2013-1920

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A local user with kernel-level privileges on the guest operating system can exploit a memory pointer error to execute arbitrary code on the target host system. The error is exploitable when the hypervisor is under memory pressure and the Xen Security Module (XSM) is enabled.

IMPACT:

A local user on the guest operating system can obtain elevated privileges on the target host system.

SOLUTION:

The vendor has issued a fix (xsa47-4.1.patch, xsa47-4.2-unstable.patch).
 
