CVE-2017-12134

CWE-682 | 16 documents | 8 sources
Severity: 8.8 HIGH
EPSS: 0.3% (top 43.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 24
Latest update: May 13

Description

The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.0 | Impact: 6.0

Affected Packages (8 packages)

Debian | linux | < 4.12.12-1+3
Ubuntu | linux | < 4.4.0-97.120
Ubuntu | linux-aws | < 4.4.0-1038.47
Ubuntu | linux-gke | < 4.4.0-1032.32
Ubuntu | linux-kvm | < 4.4.0-1008.13

Patches

🔴 Vulnerability Details (6)

GHSA | GHSA-c46p-g2h9-xcvx: The xen_biovec_phys_mergeable function in drivers/xen/biomerge | 2022-05-13
OSV | linux vulnerabilities | 2018-05-22
OSV | linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities | 2017-10-10
OSV | linux-lts-xenial vulnerabilities | 2017-10-10
OSV | CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge | 2017-08-24

📋 Vendor Advisories (6)

Ubuntu | Linux kernel (Trusty HWE) vulnerabilities | 2018-05-22
Ubuntu | Linux kernel vulnerabilities | 2018-05-22
Ubuntu | Linux kernel vulnerabilities | 2017-10-10
Ubuntu | Linux kernel (Xenial HWE) vulnerabilities | 2017-10-10
Red Hat | xen: linux: Fix Xen block IO merge-ability calculation (XSA-229) | 2017-08-15

💬 Community (3)

Bugzilla | CVE-2017-12134 linux: Fix Xen block IO merge-ability calculation | 2017-08-15
Bugzilla | CVE-2017-12134 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-12855 xen: various flaws [fedora-all] | 2017-08-15
Bugzilla | CVE-2017-12134 xsa229 xen: linux: Fix Xen block IO merge-ability calculation (XSA-229) | 2017-08-02