Xen Privilege Escalation (XSA-182) (Bunker Buster)
High Nessus Plugin ID 92701
SynopsisThe remote Xen hypervisor installation is missing a security update.
DescriptionAccording to its self-reported version number, the remote Xen hypervisor is affected by a privilege escalation vulnerability in the paravirtualization (PV) pagetable implementation due to incorrect usage of fast-paths for making updates to pre-existing pagetable entries. An attacker with administrative privileges on a PV guest can exploit this vulnerability to gain administrative privileges on the host operating system. This vulnerability only affects PV guests on x86 hardware; HVM and ARM guests are not affected.
Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches were applied manually to the source code before a recompile and reinstall.
SolutionApply the appropriate patch as referenced in the vendor advisory.