The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
http://www.securityfocus.com/bid/94473
http://www.securitytracker.com/id/1037347
http://xenbits.xen.org/xsa/advisory-198.html
http://xenbits.xen.org/xsa/xsa198.patch
Source: MITRE
Published: 2017-01-23
Updated: 2017-07-01
Type: CWE-20
Base Score: 4.6
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 3.9
Severity: MEDIUM
Base Score: 7.5
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Impact Score: 5.8
Exploitability Score: 1.1
Severity: HIGH