7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
14.2%
In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent.
Unfortunately, permissions were not checked for certain operations on the root node.
Unprivileged guests can get and modify permissions, list, and delete the root node. Deleting the whole xenstore tree is a hostwide denial of service. Depending on the circumstances, the vulnerability can also be leveraged into an ability to gain write access to any part of xenstore.
A guest administrator can deny service to the whole system simply by deleting the whole of xenstore.
Additionally, depending on other software in use, privilege escalation may be possible. With the default “xl” toolstack, a guest administrator can escalate their privilege to that of the host.
All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available.
The impact depends on the toolstack and other management software in use. Systems using libxl (for example, via “xl” or libvirt) are vulnerable to privilege escalation.
Systems using C xenstored are not vulnerable, no matter what toolstack or management software is in use.
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
14.2%