CVE-2017-12136

CWE-362 — Race Condition8 documents7 sources

Severity

7.8HIGH

EPSS

0.1%

top 83.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Xenserver Debian Debian Linux XEN XEN

Timeline

PublishedAug 24

Latest updateMay 14

Description

Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages3 packages

▶Debianxen< 4.8.1-1+deb9u3+3

▶NVDxen/xen13 versions+12

▶NVDcitrix/xenserver6 versions+5

Also affects: Debian Linux 8.0, 9.0

Patches

Patch: www.openwall.com ↗Patch: xenbits.xen.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-9r53-65fp-9gr6: Race condition in the grant table code in Xen 4↗2022-05-14

▶

CVEList

CVE-2017-12136: Race condition in the grant table code in Xen 4↗2017-08-24

▶

OSV

CVE-2017-12136: Race condition in the grant table code in Xen 4↗2017-08-24

▶

📋Vendor Advisories

Red Hat

xen: grant_table: Race conditions with maptrack free list handling (XSA-228)↗2017-08-15

▶

Debian

CVE-2017-12136: xen - Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local g...↗2017

▶

💬Community

Bugzilla

CVE-2017-12134 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-12855 xen: various flaws [fedora-all]↗2017-08-15

▶

Bugzilla

CVE-2017-12136 xsa228 xen: grant_table: Race conditions with maptrack free list handling (XSA-228)↗2017-08-02

▶