This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-201703-07
(Xen: Privilege Escalation)
In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
cirrus_bitblt_cputovideo fails to check whether the specified memory
region is safe.
A local attacker could potentially execute arbitrary code with the
privileges of the Xen (QEMU) process on the host, gain privileges on the host
system, or cause a Denial of Service condition.
Running guests in Paravirtualization (PV) mode, or running guests in
Hardware-assisted virtualization (HVM) utilizing stub domains mitigate
Running HVM guests with the device model in a stubdomain will mitigate
Changing the video card emulation to stdvga (stdvga=1, vga="stdvga",
in the xl domain configuration) will avoid the vulnerability.
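To check which guests still rely on the Cirrus emulation, the following added example (not part of the advisory or the plugin) classifies xl domain configurations against the workarounds listed above. It assumes the xl.cfg keys `type`/`builder`, `vga`, `stdvga` and `device_model_stubdomain_override`, and that xl emulates Cirrus for HVM guests when no video card is selected; the function names and sample configs are constructed for illustration.

```python
import re

# Scalar assignments as they appear in an xl domain config: key = value
_ASSIGN = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*(.+?)\s*$')

def parse_xl_cfg(text):
    """Collect scalar settings; a '#' starts a comment (quoted '#' is not handled)."""
    cfg = {}
    for line in text.splitlines():
        m = _ASSIGN.match(line.split('#', 1)[0])
        if m:
            cfg[m.group(1)] = m.group(2).strip('"\'')
    return cfg

def _on(value):
    return str(value).lower() in ('1', 'true', 'yes', 'on')

def cirrus_status(text):
    """Classify one guest config against the workarounds in the advisory."""
    cfg = parse_xl_cfg(text)
    if 'hvm' not in (cfg.get('type'), cfg.get('builder')):
        return 'non-hvm'                      # PV mode is listed as a mitigation
    # An explicit vga= wins over stdvga=; Cirrus is assumed when neither is set.
    vga = cfg.get('vga') or ('stdvga' if _on(cfg.get('stdvga', 0)) else 'cirrus')
    if vga != 'cirrus':
        return 'cirrus-disabled'
    if _on(cfg.get('device_model_stubdomain_override', 0)):
        return 'cirrus-in-stubdomain'         # device model runs in a stub domain
    return 'cirrus-exposed'

# Constructed sample configs (not taken from a real host).
SAMPLES = {
    'web01.cfg': 'type = "hvm"\nmemory = 2048\n',
    'db01.cfg': 'builder = "hvm"\nstdvga = 1\n',
    'app01.cfg': 'type = "hvm"\nvga = "stdvga"  # workaround applied\n',
    'fw01.cfg': 'type = "hvm"\ndevice_model_stubdomain_override = 1\n',
    'pv01.cfg': 'type = "pv"\nkernel = "/boot/vmlinuz"\n',
}

def audit(configs):
    """Map each config name to its status string."""
    return {name: cirrus_status(text) for name, text in configs.items()}

if __name__ == '__main__':
    for name, status in audit(SAMPLES).items():
        print(f'{name}: {status}')
```

Guests reported as `cirrus-exposed` are the ones to prioritise for the upgrade or the stdvga change.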
See also :
All Xen Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
Risk factor :