CVE-2017-14318 — NULL Pointer Dereference in XEN

CWE-476 — NULL Pointer Dereference7 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 71.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedSep 12

Latest updateMay 17

Description

An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_X…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.8.2+xsa245-0+deb9u1 (bookworm)

▶Debianxen/xen< 4.8.2+xsa245-0+deb9u1+3

▶NVDxen/xen18 versions+17

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-g75p-4v96-pxff: An issue was discovered in Xen 4↗2022-05-17

▶

OSV

CVE-2017-14318: An issue was discovered in Xen 4↗2017-09-12

▶

📋Vendor Advisories

Red Hat

xen: Missing check for grant table (XSA-232)↗2017-09-12

▶

Debian

CVE-2017-14318: xen - An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache...↗2017

▶

💬Community

Bugzilla

CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 xen: various flaws [fedora-all]↗2017-09-12

▶

Bugzilla

CVE-2017-14318 xsa232 xen: Missing check for grant table (XSA-232)↗2017-08-30

▶