CVE-2017-15591 — Improper Input Validation in XEN

CWE-20 — Improper Input Validation7 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 84.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedOct 18

Latest updateMay 14

Description

An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.8.2+xsa245-0+deb9u1 (bookworm)

▶Debianxen/xen< 4.8.2+xsa245-0+deb9u1+3

▶NVDxen/xen18 versions+17

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-6hjm-pwqm-vx85: An issue was discovered in Xen 4↗2022-05-14

▶

OSV

CVE-2017-15591: An issue was discovered in Xen 4↗2017-10-18

▶

📋Vendor Advisories

Red Hat

xen: DMOP map/unmap missing argument checks (XSA-238)↗2017-10-12

▶

Debian

CVE-2017-15591: xen - An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who contr...↗2017

▶

💬Community

Bugzilla

CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15591 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 xen: various flaws [fedora-all]↗2017-10-12

▶

Bugzilla

CVE-2017-15591 xsa238 xen: DMOP map/unmap missing argument checks (XSA-238)↗2017-10-09

▶