XSA-55

CVE-2013-2194 CVE-2013-2195 CVE-2013-2196

问题描述

http://xenbits.xen.org/xsa/advisory-55.html

Multiple vulnerabilities in libelf PV kernel handling

The ELF parser used by the Xen tools to read domains' kernels and construct domains has multiple integer overflows, pointer dereferences based on calculations from unchecked input values, and other problems. This corresponds to the following CVEs:

• CVE-2013-2194 XEN XSA-55 integer overflows
• CVE-2013-2195 XEN XSA-55 pointer dereferences
• CVE-2013-2196 XEN XSA-55 other problems

integer overflow, lack of check (NULL pointer)

Patch描述

No

Consequence

A malicious PV domain administrator who can specify their own kernel can escalate their privilege to that of the domain construction tools (i.e., normally, to control of the host).

Additionally a malicious HVM domain administrator who is able to supply their own firmware (hvmloader) can do likewise; however we think this would be very unusual and it is unlikely that such configurations exist in production systems.

privilege escalation, DoS