PT-2017-12358 · Xen+1 · Xen+1

Ian Jackson

Published

2017-08-24

Updated

2024-06-15

CVE-2017-12136

CVSS v3.1

7.8

High

Vector

AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Xen versions 4.6.x through 4.9.x

Description A race condition exists in the grant table code, allowing local guest OS administrators to cause a denial of service, resulting in free list corruption and host crash, or gain privileges on the host. This issue involves vectors related to maptrack free list handling.

Recommendations For Xen versions 4.6.x through 4.9.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2017-12136

DSA-3969-1

OPENSUSE-SU-2017_2394-1

OPENSUSE-SU-2017_2398-1

OPENSUSE-SU-2024:11520-1

SUSE-SU-2017:2326-1

SUSE-SU-2017:2327-1

SUSE-SU-2017:2327-2

Affected Products

Suse

Xen

PT-2017-12358 · Xen+1 · Xen+1

CVE-2017-12136

Weakness Enumeration

Related Identifiers

Affected Products

References · 135