CVE-2017-15593Missing Release of Resource after Effective Lifetime in XEN

CWE-772Missing Release of Resource after Effective Lifetime7 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 77.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
XENDebian XEN
Timeline
PublishedOct 18
Latest updateMay 13

Description

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

debiandebian/xen< xen 4.8.2+xsa245-0+deb9u1 (bookworm)
Debianxen/xen< 4.8.2+xsa245-0+deb9u1+3
NVDxen/xen4.9.0

Patches

Patch: xenbits.xen.orgPatch: xenbits.xen.org

🔴Vulnerability Details

2
GHSA
GHSA-j465-85mv-hcv9: An issue was discovered in Xen through 42022-05-13
OSV
CVE-2017-15593: An issue was discovered in Xen through 42017-10-18

📋Vendor Advisories

2
Red Hat
xen: page type reference leak on x86 (XSA-242)2017-10-12
Debian
CVE-2017-15593: xen - An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to c...2017

💬Community

2
Bugzilla
CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15591 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 xen: various flaws [fedora-all]2017-10-12
Bugzilla
CVE-2017-15593 xsa242 xen: page type reference leak on x86 (XSA-242)2017-10-09