Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-7228 — Improper Validation of Array Index in XEN

CWE-129 — Improper Validation of Array Index8 documents7 sources

Severity

8.2HIGHNVD

EPSS

1.5%

top 18.63%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

XEN Debian XEN

Timeline

PublishedApr 4

Latest updateMay 13

Description

An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages2 packages

▶debiandebian/xen< xen 4.8.1-1 (bookworm)

▶Debianxen/xen< 4.8.1-1+3

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-xm77-6vqw-642h: An issue (known as XSA-212) was discovered in Xen, with fixes available for 4↗2022-05-13

▶

OSV

CVE-2017-7228: An issue (known as XSA-212) was discovered in Xen, with fixes available for 4↗2017-04-04

▶

💥Exploits & PoCs

Exploit-DB

Xen - Broken Check in 'memory_exchange()' Permits PV Guest Breakout↗2017-04-11

▶

📋Vendor Advisories

Red Hat

xen: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)↗2017-04-04

▶

Debian

CVE-2017-7228: xen - An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8....↗2017

▶

💬Community

Bugzilla

CVE-2017-7228 xen: xsa212 xen: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212) [fedora-all]↗2017-04-04

▶

Bugzilla

CVE-2017-7228 xsa212 xen: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)↗2017-03-22

▶