Upstream information

CVE-2017-8905 at MITRE

Description

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.

SUSE information

CVSS v2 Scores

| | National Vulnerability Database | SUSE |
|---|---|---|
| Base Score | 6.77 | 6.02 |
| Vector | AV:L/AC:L/Au:S/C:C/I:C/A:C | AV:L/AC:H/Au:S/C:C/I:C/A:C |
| Access Vector | Local | Local |
| Access Complexity | Low | High |
| Authentication | Single | Single |
| Confidentiality Impact | Complete | Complete |
| Integrity Impact | Complete | Complete |
| Availability Impact | Complete | Complete |

CVSS v3 Scores

| | National Vulnerability Database | SUSE |
|---|---|---|
| Base Score | 8.8 | 7.8 |
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Access Vector | Local | Local |
| Access Complexity | Low | High |
| Privileges Required | Low | Low |
| User Interaction | None | None |
| Scope | Changed | Changed |
| Confidentiality Impact | High | High |
| Integrity Impact | High | High |
| Availability Impact | High | High |

This issue is currently rated as having important severity.

SUSE Bugzilla entry: 1034845 [NEW]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Point of Sale 11 SP3
  • xen >= 4.2.5_21-44.1
  • xen-kmp-default >= 4.2.5_21_3.0.101_0.47.102-44.1
  • xen-kmp-pae >= 4.2.5_21_3.0.101_0.47.102-44.1
  • xen-libs >= 4.2.5_21-44.1
  • xen-tools-domU >= 4.2.5_21-44.1
Patchnames:
sleposp3-xen-13181
SUSE Linux Enterprise Server 11 SP3-LTSS
  • xen >= 4.2.5_21-44.1
  • xen-doc-html >= 4.2.5_21-44.1
  • xen-doc-pdf >= 4.2.5_21-44.1
  • xen-kmp-default >= 4.2.5_21_3.0.101_0.47.102-44.1
  • xen-kmp-pae >= 4.2.5_21_3.0.101_0.47.102-44.1
  • xen-libs >= 4.2.5_21-44.1
  • xen-libs-32bit >= 4.2.5_21-44.1
  • xen-tools >= 4.2.5_21-44.1
  • xen-tools-domU >= 4.2.5_21-44.1
Patchnames:
slessp3-xen-13181

List of packages in QA

Product(s) Package(s)
SUSE Linux Enterprise Point of Sale 11 SP3
  • xen >= 4.2.5_21-44.1
  • xen-kmp-default >= 4.2.5_21_3.0.101_0.47.102-44.1
  • xen-kmp-pae >= 4.2.5_21_3.0.101_0.47.102-44.1
  • xen-libs >= 4.2.5_21-44.1
  • xen-tools-domU >= 4.2.5_21-44.1
SUSE Linux Enterprise Server 11 SP3-LTSS
  • xen >= 4.2.5_21-44.1
  • xen-doc-html >= 4.2.5_21-44.1
  • xen-doc-pdf >= 4.2.5_21-44.1
  • xen-kmp-default >= 4.2.5_21_3.0.101_0.47.102-44.1
  • xen-kmp-pae >= 4.2.5_21_3.0.101_0.47.102-44.1
  • xen-libs >= 4.2.5_21-44.1
  • xen-libs-32bit >= 4.2.5_21-44.1
  • xen-tools >= 4.2.5_21-44.1
  • xen-tools-domU >= 4.2.5_21-44.1
SUSE Linux Enterprise Server 11 SP4
  • xen >= 4.4.4_20-60.3
  • xen-doc-html >= 4.4.4_20-60.3
  • xen-kmp-default >= 4.4.4_20_3.0.101_104-60.3
  • xen-kmp-pae >= 4.4.4_20_3.0.101_104-60.3
  • xen-libs >= 4.4.4_20-60.3
  • xen-libs-32bit >= 4.4.4_20-60.3
  • xen-tools >= 4.4.4_20-60.3
  • xen-tools-domU >= 4.4.4_20-60.3
SUSE Linux Enterprise Server 12 SP1-LTSS
  • xen >= 4.5.5_12-22.18.1
  • xen-debugsource >= 4.5.5_12-22.18.1
  • xen-doc-html >= 4.5.5_12-22.18.1
  • xen-kmp-default >= 4.5.5_12_k3.12.74_60.64.45-22.18.1
  • xen-kmp-default-debuginfo >= 4.5.5_12_k3.12.74_60.64.45-22.18.1
  • xen-libs >= 4.5.5_12-22.18.1
  • xen-libs-32bit >= 4.5.5_12-22.18.1
  • xen-libs-debuginfo >= 4.5.5_12-22.18.1
  • xen-libs-debuginfo-32bit >= 4.5.5_12-22.18.1
  • xen-tools >= 4.5.5_12-22.18.1
  • xen-tools-debuginfo >= 4.5.5_12-22.18.1
  • xen-tools-domU >= 4.5.5_12-22.18.1
  • xen-tools-domU-debuginfo >= 4.5.5_12-22.18.1
SUSE Linux Enterprise Server 12-LTSS
  • xen >= 4.4.4_21-22.42.1
  • xen-debugsource >= 4.4.4_21-22.42.1
  • xen-doc-html >= 4.4.4_21-22.42.1
  • xen-kmp-default >= 4.4.4_21_k3.12.61_52.77-22.42.1
  • xen-kmp-default-debuginfo >= 4.4.4_21_k3.12.61_52.77-22.42.1
  • xen-libs >= 4.4.4_21-22.42.1
  • xen-libs-32bit >= 4.4.4_21-22.42.1
  • xen-libs-debuginfo >= 4.4.4_21-22.42.1
  • xen-libs-debuginfo-32bit >= 4.4.4_21-22.42.1
  • xen-tools >= 4.4.4_21-22.42.1
  • xen-tools-debuginfo >= 4.4.4_21-22.42.1
  • xen-tools-domU >= 4.4.4_21-22.42.1
  • xen-tools-domU-debuginfo >= 4.4.4_21-22.42.1
SUSE Linux Enterprise Software Development Kit 11 SP4
  • xen >= 4.4.4_20-60.3
  • xen-devel >= 4.4.4_20-60.3
SUSE Linux Enterprise for SAP 12
  • xen >= 4.4.4_21-22.42.1
  • xen-debugsource >= 4.4.4_21-22.42.1
  • xen-doc-html >= 4.4.4_21-22.42.1
  • xen-kmp-default >= 4.4.4_21_k3.12.61_52.77-22.42.1
  • xen-kmp-default-debuginfo >= 4.4.4_21_k3.12.61_52.77-22.42.1
  • xen-libs >= 4.4.4_21-22.42.1
  • xen-libs-32bit >= 4.4.4_21-22.42.1
  • xen-libs-debuginfo >= 4.4.4_21-22.42.1
  • xen-libs-debuginfo-32bit >= 4.4.4_21-22.42.1
  • xen-tools >= 4.4.4_21-22.42.1
  • xen-tools-debuginfo >= 4.4.4_21-22.42.1
  • xen-tools-domU >= 4.4.4_21-22.42.1
  • xen-tools-domU-debuginfo >= 4.4.4_21-22.42.1
SUSE Linux Enterprise for SAP 12 SP1
  • xen >= 4.5.5_12-22.18.1
  • xen-debugsource >= 4.5.5_12-22.18.1
  • xen-doc-html >= 4.5.5_12-22.18.1
  • xen-kmp-default >= 4.5.5_12_k3.12.74_60.64.45-22.18.1
  • xen-kmp-default-debuginfo >= 4.5.5_12_k3.12.74_60.64.45-22.18.1
  • xen-libs >= 4.5.5_12-22.18.1
  • xen-libs-32bit >= 4.5.5_12-22.18.1
  • xen-libs-debuginfo >= 4.5.5_12-22.18.1
  • xen-libs-debuginfo-32bit >= 4.5.5_12-22.18.1
  • xen-tools >= 4.5.5_12-22.18.1
  • xen-tools-debuginfo >= 4.5.5_12-22.18.1
  • xen-tools-domU >= 4.5.5_12-22.18.1
  • xen-tools-domU-debuginfo >= 4.5.5_12-22.18.1
SUSE OpenStack Cloud 6
  • xen >= 4.5.5_12-22.18.1
  • xen-debugsource >= 4.5.5_12-22.18.1
  • xen-doc-html >= 4.5.5_12-22.18.1
  • xen-kmp-default >= 4.5.5_12_k3.12.74_60.64.45-22.18.1
  • xen-kmp-default-debuginfo >= 4.5.5_12_k3.12.74_60.64.45-22.18.1
  • xen-libs >= 4.5.5_12-22.18.1
  • xen-libs-32bit >= 4.5.5_12-22.18.1
  • xen-libs-debuginfo >= 4.5.5_12-22.18.1
  • xen-libs-debuginfo-32bit >= 4.5.5_12-22.18.1
  • xen-tools >= 4.5.5_12-22.18.1
  • xen-tools-debuginfo >= 4.5.5_12-22.18.1
  • xen-tools-domU >= 4.5.5_12-22.18.1
  • xen-tools-domU-debuginfo >= 4.5.5_12-22.18.1