Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
Weakness
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Xen | Xen | 4.6.0 (including) | 4.6.0 (including) |
| Xen | Xen | 4.6.1 (including) | 4.6.1 (including) |
| Xen | Xen | 4.6.2 (including) | 4.6.2 (including) |
| Xen | Xen | 4.6.3 (including) | 4.6.3 (including) |
| Xen | Xen | 4.6.4 (including) | 4.6.4 (including) |
| Xen | Xen | 4.6.5 (including) | 4.6.5 (including) |
| Xen | Ubuntu | devel | * |
| Xen | Ubuntu | esm-infra/xenial | * |
| Xen | Ubuntu | trusty | * |
| Xen | Ubuntu | xenial | * |
| Xen | Ubuntu | yakkety | * |
| Xen | Ubuntu | zesty | * |
Potential Mitigations
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Related Attack Patterns
References
- http://www.securityfocus.com/bid/98436
- http://www.securitytracker.com/id/1038388
- https://blog.xenproject.org/2017/05/02/updates-on-xsa-213-xsa-214-and-xsa-215/
- https://security.gentoo.org/glsa/201705-11
- https://xenbits.xen.org/xsa/advisory-215.html
- http://www.securityfocus.com/bid/98436
- http://www.securitytracker.com/id/1038388
- https://blog.xenproject.org/2017/05/02/updates-on-xsa-213-xsa-214-and-xsa-215/
- https://security.gentoo.org/glsa/201705-11
- https://xenbits.xen.org/xsa/advisory-215.html