Vigil@nce - Linux kernel, Xen: privilege escalation via PV Backend Driver
February 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker who is an administrator in a guest system can access
the memory of the PV Backend Driver of Xen, in order to escalate
his privileges on the host system.
Impacted products: Debian, Fedora, Linux, NetBSD, openSUSE,
openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Xen.
Severity: 2/4.
Creation date: 17/12/2015.
DESCRIPTION OF THE VULNERABILITY
The Xen product uses PV Backend drivers.
However, due to an optimization by the compiler, the Frontend can
access the Backend memory.
An attacker who is an administrator in a guest system can therefore
access the memory of the PV Backend Driver of Xen, in order to
escalate his privileges on the host system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Linux-kernel-Xen-privilege-escalation-via-PV-Backend-Driver-18551