PT-2017-3163 · Xen+1

Published: 2017-10-24 · Updated: 2019-10-03 · CVE-2017-15597

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Xen versions prior to 4.10

Description

A problem has been discovered in the grant copying code, where it was assumed that any grant pin would be accompanied by a suitable page reference. However, this assumption is incorrect when the grant copy operation is performed on a grant of a dying domain. This can cause hypervisor memory corruption, likely resulting in a host crash and denial of service. It is also possible that an attacker could escalate privileges or leak protected information.

Recommendations

For Xen versions prior to 4.10, update to a newer version to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the grant copying functionality to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2017-02575
CVE-2017-15597
DLA-1549-1
DSA-4050-1
OPENSUSE-SU-2017_3193-1
OPENSUSE-SU-2017_3194-1
SUSE-SU-2017:3115-1
SUSE-SU-2017:3178-1
SUSE-SU-2017:3212-1
SUSE-SU-2017:3236-1
SUSE-SU-2017:3239-1
SUSE-SU-2017:3242-1

Affected Products

Suse
Xen