CVE-2017-8905 — Incorrect Calculation in XEN

CWE-682 — Incorrect Calculation7 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 75.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedMay 11

Latest updateMay 13

Description

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.8.0~rc3-1 (bookworm)

▶Debianxen/xen< 4.8.0~rc3-1+3

▶NVDxen/xen6 versions+5

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-fff9-ccrg-mjcr: Xen through 4↗2022-05-13

▶

OSV

CVE-2017-8905: Xen through 4↗2017-05-11

▶

📋Vendor Advisories

Red Hat

xen: possible memory corruption via failsafe callback (XSA-215)↗2017-05-02

▶

Debian

CVE-2017-8905: xen - Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which migh...↗2017

▶

💬Community

Bugzilla

CVE-2017-8903 CVE-2017-8904 CVE-2017-8905 xen: various flaws [fedora-all]↗2017-05-02

▶

Bugzilla

CVE-2017-8905 xsa215 xen: possible memory corruption via failsafe callback (XSA-215)↗2017-04-18

▶