Debian DSA-3969-1 : xen - security update

Critical Nessus Plugin ID 103146

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 7.3

Synopsis

The remote Debian host is missing a security-related update.

Description

Multiple vulnerabilities have been discovered in the Xen hypervisor :

- CVE-2017-10912 Jann Horn discovered that incorrectly handling of page transfers might result in privilege escalation.

- CVE-2017-10913 / CVE-2017-10914 Jann Horn discovered that race conditions in grant handling might result in information leaks or privilege escalation.

- CVE-2017-10915 Andrew Cooper discovered that incorrect reference counting with shadow paging might result in privilege escalation.

- CVE-2017-10916 Andrew Cooper discovered an information leak in the handling of the Memory Protection Extensions (MPX) and Protection Key (PKU) CPU features. This only affects Debian stretch.

- CVE-2017-10917 Ankur Arora discovered a NULL pointer dereference in event polling, resulting in denial of service.

- CVE-2017-10918 Julien Grall discovered that incorrect error handling in physical-to-machine memory mappings may result in privilege escalation, denial of service or an information leak.

- CVE-2017-10919 Julien Grall discovered that incorrect handling of virtual interrupt injection on ARM systems may result in denial of service.

- CVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922 Jan Beulich discovered multiple places where reference counting on grant table operations was incorrect, resulting in potential privilege escalation.

- CVE-2017-12135 Jan Beulich found multiple problems in the handling of transitive grants which could result in denial of service and potentially privilege escalation.

- CVE-2017-12136 Ian Jackson discovered that race conditions in the allocator for grant mappings may result in denial of service or privilege escalation. This only affects Debian stretch.

- CVE-2017-12137 Andrew Cooper discovered that incorrect validation of grants may result in privilege escalation.

- CVE-2017-12855 Jan Beulich discovered that incorrect grant status handling, thus incorrectly informing the guest that the grant is no longer in use.

- XSA-235 (no CVE yet)

Wei Liu discovered that incorrect locking of add-to-physmap operations on ARM may result in denial of service.

Solution

Upgrade the xen packages.

For the oldstable distribution (jessie), these problems have been fixed in version 4.4.1-9+deb8u10.

For the stable distribution (stretch), these problems have been fixed in version 4.8.1-1+deb9u3.

See Also

https://security-tracker.debian.org/tracker/CVE-2017-10912

https://security-tracker.debian.org/tracker/CVE-2017-10913

https://security-tracker.debian.org/tracker/CVE-2017-10914

https://security-tracker.debian.org/tracker/CVE-2017-10915

https://security-tracker.debian.org/tracker/CVE-2017-10916

https://security-tracker.debian.org/tracker/CVE-2017-10917

https://security-tracker.debian.org/tracker/CVE-2017-10918

https://security-tracker.debian.org/tracker/CVE-2017-10919

https://security-tracker.debian.org/tracker/CVE-2017-10920

https://security-tracker.debian.org/tracker/CVE-2017-10921

https://security-tracker.debian.org/tracker/CVE-2017-10922

https://security-tracker.debian.org/tracker/CVE-2017-12135

https://security-tracker.debian.org/tracker/CVE-2017-12136

https://security-tracker.debian.org/tracker/CVE-2017-12137

https://security-tracker.debian.org/tracker/CVE-2017-12855

https://packages.debian.org/source/jessie/xen

https://packages.debian.org/source/stretch/xen

https://www.debian.org/security/2017/dsa-3969

Plugin Details

Severity: Critical

ID: 103146

File Name: debian_DSA-3969.nasl

Version: 3.9

Type: local

Agent: unix

Published: 2017/09/13

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 7.3

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:xen, cpe:/o:debian:debian_linux:8.0, cpe:/o:debian:debian_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 2017/09/12

Reference Information

CVE: CVE-2017-10912, CVE-2017-10913, CVE-2017-10914, CVE-2017-10915, CVE-2017-10916, CVE-2017-10917, CVE-2017-10918, CVE-2017-10919, CVE-2017-10920, CVE-2017-10921, CVE-2017-10922, CVE-2017-12135, CVE-2017-12136, CVE-2017-12137, CVE-2017-12855, CVE-2017-15596

DSA: 3969