Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Privilege Escalation, DoS Vulnerabilities Patched in Xen

The Xen Project reported on Thursday that it has patched a total of four vulnerabilities that can be exploited for privilege escalation or denial-of-service (DoS) attacks.

The Xen Project reported on Thursday that it has patched a total of four vulnerabilities that can be exploited for privilege escalation or denial-of-service (DoS) attacks.

One of the flaws, described in the XSA-185 advisory and tracked as CVE-2016-7092, allows a malicious 32-bit PV (paravirtualization) guest administrator to escalate their privileges to that of the host.

The issue affects all versions of Xen, but it can only be exploited by 32-bit PV guests on x86 hardware – 64-bit PV guests, x86 HVM (Hardware Virtual Machine) guests and ARM guests are not impacted.

A similar flaw, one that allows a malicious HVM guest administrator to escalate their privileges to that of the host, is tracked as CVE-2016-7093 and described in the XSA-186 advisory. The vulnerability affects Xen versions 4.6.3, 4.5.3, and 4.7.0 and later, but it can only be exploited on HVM guests running on x86 hardware.

XSA-187 describes an overflow issue that can be leveraged by an HVM guest admin to cause Xen to fail a bug check and lead to the host entering a DoS condition. The flaw, identified as CVE-2016-7094, affects all Xen versions and it can be exploited on HVM guests on x86 hardware when they are configured to run with shadow paging.

The last vulnerability, CVE-2016-7154, is a use-after-free that can be exploited by a guest administrator to crash the host (DoS condition). It’s also possible that this weakness, described in XSA-188, can be leveraged for information leaks and arbitrary code execution that leads to privilege escalation.

The list of individuals credited for finding and reporting these vulnerabilities includes Jérémie Boutoille of Quarkslab, Shangcong Luan of Alibaba Cloud, Brian Marcotte, Andrew Cooper of Citrix, and Intel Security’s Mikhail Gorobets.

Xen is used in Linux distributions and cloud services provided by companies such as Amazon, IBM, Linode and Rackspace. The Xen Project typically provides them patches before vulnerabilities are disclosed to give them enough time to address the issues.

On this occasion, Linode informed customers that it has updated its legacy Xen host servers to resolve these vulnerabilities, while Amazon told users that they are not affected. IBM and Rackspace had not released any advisories by the time this article was published.

Citrix, which provides a commercial version of Xen, informed customers that the vulnerabilities, classified as having medium and high severity, have been addressed in all supported versions of its XenServer product.

Related: Xen Patches Serious Privilege Escalation Flaw

Related: Xen Hypervisor Flaws Force Amazon, Rackspace to Reboot Servers

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility