CVE-2017-10920

Name of the Vulnerable Software and Affected Versions Xen versions prior to 4.9

Description The issue is related to insufficient access control for GNTMAP device map and GNTMAP host map, specifically when GNTMAP host map is in unmapping mode. This can be exploited by a remote attacker to cause a denial of service, such as memory corruption, or to gain privileged access to the host. The grant-table feature mishandles mapping, leading to potential count mismanagement and memory corruption, allowing guest OS users to cause issues or obtain host OS access.

Recommendations For Xen versions prior to 4.9, update to version 4.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the grant-table feature to minimize the risk of exploitation.