CVE-2017-8904

Name of the Vulnerable Software and Affected Versions Xen versions prior to 4.9

Description The issue is related to the mishandling of the "contains segment descriptors" property during GNTTABOP transfer operations. This might allow PV guest OS users to execute arbitrary code on the host OS.

Recommendations For Xen versions prior to 4.9, update to version 4.9 or later to resolve the issue.