CVE-2017-7228

HIGH

Xen 4.4.x-4.8.x - Improper Validation of Array Index in XENMEM_exchange

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-7228. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a vulnerability in Xen's memory_exchange() hypercall handler (CVE-2017-7228) to achieve arbitrary memory write with hypervisor privileges, leading to privilege escalation or denial of service. The PoC demonstrates this by overwriting the IDT entry for #PF, causing a double fault.

Description

An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textlocalmultiple

https://www.exploit-db.com/exploits/41870

View Code ZIP pw:eip

This exploit leverages a vulnerability in Xen's memory_exchange() hypercall handler (CVE-2017-7228) to achieve arbitrary memory write with hypervisor privileges, leading to privilege escalation or denial of service. The PoC demonstrates this by overwriting the IDT entry for #PF, causing a double fault.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Xen 4.6.0 (and likely other versions)

Auth required

Prerequisites: Access to a PV guest with kernel headers, gcc, make, nasm, and root privileges

MITRE ATT&CK