FreeBSD : xen-kernel -- broken check in memory_exchange() permits PV guest breakout (90becf7c-1acf-11e7-970f-002590263bf5)

High Nessus Plugin ID 99240


The remote FreeBSD host is missing a security-related update.


The Xen Project reports :

The XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.

A malicious or buggy 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 99240

File Name: freebsd_pkg_90becf7c1acf11e7970f002590263bf5.nasl

Version: $Revision: 3.6 $

Type: local

Published: 2017/04/07

Modified: 2018/02/05

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C


Base Score: 8.2

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:xen-kernel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2017/04/06

Vulnerability Publication Date: 2017/04/04

Reference Information

CVE: CVE-2017-7228

IAVB: 2017-B-0042