The Xen Project reported on Thursday that it has patched a total of four vulnerabilities that can be exploited for privilege escalation or denial-of-service (DoS) attacks.
One of the flaws, described in the XSA-185 advisory and tracked as CVE-2016-7092, allows a malicious 32-bit PV (paravirtualization) guest administrator to escalate their privileges to those of the host.
The issue affects all versions of Xen, but it can only be exploited by 32-bit PV guests on x86 hardware – 64-bit PV guests, x86 HVM (Hardware Virtual Machine) guests and ARM guests are not impacted.