PT-2017-3082 · Xen+1 · Xen+1

Jann Horn

Publicado

2017-10-12

Atualizado

2019-01-14

CVE-2017-15595

CVSS v3.1

8.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Xen versions prior to 4.10

Description An issue in Xen allows x86 PV guest OS users to cause a denial of service or possibly gain privileges via crafted page-table stacking, resulting in unbounded recursion, stack consumption, and hypervisor crash.

Recommendations For Xen versions prior to 4.10, update to version 4.10 or later to resolve the issue. At the moment, there is no information about other versions that contain a fix for this issue.

Exploit

Correção

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

BDU:2017-02452

CVE-2017-15595

DLA-1181-1

DLA-1559-1

DSA-4050-1

DSA-4369-1

OPENSUSE-SU-2017_2821-1

OPENSUSE-SU-2017_2916-1

OPENSUSE-SU-2018_0459-1

SUSE-SU-2017:2812-1

SUSE-SU-2017:2815-1

SUSE-SU-2017:2856-1

SUSE-SU-2017:2864-1

SUSE-SU-2017:2873-1

SUSE-SU-2017:3212-1

SUSE-SU-2017:3236-1

SUSE-SU-2017:3239-1

SUSE-SU-2017:3242-1

SUSE-SU-2018:0438-1

SUSE-SU-2018:0472-1

SUSE-SU-2018:0601-1

SUSE-SU-2018:0609-1

SUSE-SU-2018:0638-1

SUSE-SU-2018:0678-1

Produtos afetados

Suse

Xen

PT-2017-3082 · Xen+1 · Xen+1

CVE-2017-15595

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 108