OSVDB ID: 85202

Title: Xen PHYSDEVOP_get_free_pirq Hypercall Physical IRQ Allocation get_free_pirq Call Return Value Verification Local Privilege Escalation

Info

Disclosure
Sep 05, 2012

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Sep 05, 2012

Description

 Xen contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the PHYSDEVOP_get_free_pirq hypercall fails to confirm its call to get_free_pirq succeeded, resulting in the use of the error code in an array when the call fails. This will allow a local attacker to gain escalated privileges.

Classification

 Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

 Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Citrix Systems, Inc.

Xen

 4.1

XenServer

 5.0
5.0 Update 3
5.6
5.6 FP 1
5.6 SP 2
6.0
6.0.2

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/85202