CVE-2017-17044 — Improper Check for Unusual or Exceptional Conditions in XEN

CWE-754 — Improper Check for Unusual or Exceptional Conditions CWE-755 — Improper Handling of Exceptional Conditions CWE-835 — Infinite Loop6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 84.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedNov 28

Latest updateMay 13

Description

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.8.2+xsa245-0+deb9u1 (bookworm)

▶Debianxen/xen< 4.8.2+xsa245-0+deb9u1+3

▶NVDxen/xen4.9.1

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-pfw4-6v7q-26m4: An issue was discovered in Xen through 4↗2022-05-13

▶

OSV

CVE-2017-17044: An issue was discovered in Xen through 4↗2017-11-28

▶

📋Vendor Advisories

Red Hat

xen: x86: infinite loop due to missing PoD error checking (XSA-246)↗2017-11-28

▶

Debian

CVE-2017-17044: xen - An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to caus...↗2017

▶

💬Community

Bugzilla

CVE-2017-17044 xsa246 xen: x86: infinite loop due to missing PoD error checking (XSA-246)↗2017-11-15

▶