CVE-2017-14317 — Race Condition in XEN

CWE-362 — Race Condition7 documents6 sources

Severity

5.6MEDIUMNVD

EPSS

0.1%

top 77.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedSep 12

Latest updateMay 14

Description

A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.).

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 1.1 | Impact: 4.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.8.2+xsa245-0+deb9u1 (bookworm)

▶Debianxen/xen< 4.8.2+xsa245-0+deb9u1+3

▶NVDxen/xen4.9.0

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-qvvj-p4wf-226j: A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4↗2022-05-14

▶

OSV

CVE-2017-14317: A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4↗2017-09-12

▶

📋Vendor Advisories

Red Hat

xen: cxenstored: Race in domain cleanup (XSA-233)↗2017-09-12

▶

Debian

CVE-2017-14317: xen - A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) ...↗2017

▶

💬Community

Bugzilla

CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 xen: various flaws [fedora-all]↗2017-09-12

▶

Bugzilla

CVE-2017-14317 xsa233 xen: cxenstored: Race in domain cleanup (XSA-233)↗2017-08-30

▶