CVE-2017-12137

CWE-120 — Classic Buffer Overflow8 documents7 sources

Severity

8.8HIGH

EPSS

0.1%

top 72.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Xenserver Debian Debian Linux

Timeline

PublishedAug 24

Latest updateMay 13

Description

arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

▶Debianxen< 4.8.1-1+deb9u3+3

▶NVDcitrix/xenserver6 versions+5

Also affects: Debian Linux 8.0, 9.0

Patches

Patch: www.openwall.com ↗Patch: xenbits.xen.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-fgc8-vw2h-qfxj: arch/x86/mm↗2022-05-13

▶

OSV

CVE-2017-12137: arch/x86/mm↗2017-08-24

▶

CVEList

CVE-2017-12137: arch/x86/mm↗2017-08-24

▶

📋Vendor Advisories

Red Hat

xen: x86: PV privilege escalation via map_grant_ref (XSA-227)↗2017-08-15

▶

Debian

CVE-2017-12137: xen - arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges v...↗2017

▶

💬Community

Bugzilla

CVE-2017-12134 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-12855 xen: various flaws [fedora-all]↗2017-08-15

▶

Bugzilla

CVE-2017-12137 xsa227 xen: x86: PV privilege escalation via map_grant_ref (XSA-227)↗2017-08-02

▶