CVE-2008-3687
Xen 3.3 - Heap-Based Buffer Overflow via flask_op Hypercall
Title source: llmDescription
Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall.
References (9)
Core 9
Core References
Various Sources x_refsource_misc
http://theinvisiblethings.blogspot.com/2008/08/our-xen-0wning-trilogy-highlights.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30834
Patch mailing-list
x_refsource_mlist
http://www.nabble.com/-PATCH--XSM--FLASK--Argument-handling-bugs-in-XSM:FLASK-to18536032.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44608
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31561
Various Sources x_refsource_confirm
http://xenbits.xensource.com/xen-3.3-testing.hg?rev/fa66b33f975a
Various Sources x_refsource_misc
http://invisiblethingslab.com/bh08/part2.pdf
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2426
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1020731
Scores
EPSS
0.0161
EPSS Percentile
82.0%
Details
CWE
CWE-119
Status
published
Products (2)
xen/xen
3.3
xen/xen_flask_module
Published
Aug 14, 2008
Tracked Since
Feb 18, 2026