CVE-2017-15597Improper Restriction of Operations within the Bounds of a Memory Buffer in XEN

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-200Sensitive Information Exposure7 documents6 sources
Severity
9.1CRITICALNVD
EPSS
1.5%
top 19.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
XENDebian XEN
Timeline
PublishedOct 30
Latest updateMay 13

Description

An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and inform

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages3 packages

debiandebian/xen< xen 4.8.2+xsa245-0+deb9u1 (bookworm)
Debianxen/xen< 4.8.2+xsa245-0+deb9u1+3
NVDxen/xen4.9.0

Patches

Patch: xenbits.xen.orgPatch: xenbits.xen.org

🔴Vulnerability Details

2
GHSA
GHSA-53jp-4hq4-cmc7: An issue was discovered in Xen through 42022-05-13
OSV
CVE-2017-15597: An issue was discovered in Xen through 42017-10-30

📋Vendor Advisories

2
Red Hat
xen: pin count / page reference race in grant table code (XSA-236)2017-10-24
Debian
CVE-2017-15597: xen - An issue was discovered in Xen through 4.9.x. Grant copying code made an implica...2017

💬Community

2
Bugzilla
CVE-2017-15597 xen: xsa236 xen: pin count / page reference race in grant table code (XSA-236) [fedora-all]2017-10-26
Bugzilla
CVE-2017-15597 xsa236 xen: pin count / page reference race in grant table code (XSA-236)2017-10-09