This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote Xen hypervisor installation is missing a security update.
According to its self-reported version number, the Xen hypervisor
installed on the remote host is affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the
  get_user() function due to permissions for accessing
  MMIO ranges being checked only after accessing them. An
  attacker on the guest can exploit this to disclose
  potentially sensitive information in the host memory.
- A privilege escalation vulnerability exists when an IRET
  hypercall is placed within a multicall batch due to
  improper handling of kernel-mode access to pagetables.
  An attacker on the guest can exploit this to access
  arbitrary system memory and gain elevated privileges on
  the host. (VulnDB 157110)
- A privilege escalation vulnerability exists in the
  steal_page() function within file xen/arch/x86/mm.c when
  transferring pages from one guest to another PV guest
  with a different bitness or an HVM guest. An attacker
  with access to multiple guests can exploit this to
  access arbitrary system memory and gain elevated
  privileges on the host. (VulnDB 157111)
- A flaw exists within arch/x86/x86_64/entry.S when
  handling failsafe callbacks due to improper validation
  of certain input. An attacker on the guest can exploit
  this to corrupt memory, potentially resulting in gaining
  elevated privileges. (VulnDB 157112)
Note that Nessus has checked the changeset versions based on the
xen.git change log. Nessus did not check guest hardware configurations
or if patches were applied manually to the source code before a
recompile and reinstall.
See also :
Apply the appropriate patch according to the vendor advisory.
Risk factor :
High / CVSS Base Score : 7.2
CVSS Temporal Score : 6.0
Public Exploit Available : true