CVE-2017-14318

Name of the Vulnerable Software and Affected Versions Xen versions 4.5.x through 4.9.x

Description An issue was discovered in the gnttab cache flush function, which handles GNTTABOP cache flush grant table operations. The function checks if the calling domain is the owner of the page to be operated on and if a grant mapping exists in the owner's grant table. However, it does not verify if the owning domain has a grant table. Special domains like DOMID XEN, DOMID IO, and DOMID COW are created without grant tables, leading to a NULL pointer dereference when gnttab cache flush operates on a page owned by these domains.

Recommendations For Xen versions 4.5.x through 4.9.x, consider disabling the gnttab cache flush function as a temporary workaround until a patch is available. Restrict access to pages owned by special domains like DOMID XEN, DOMID IO, and DOMID COW to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.