Vulnerability Details : CVE-2017-10918
Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.
Vulnerability category: Input validation
Products affected by CVE-2017-10918
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-10918
0.93%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-10918
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
10.0
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
3.9
|
6.0
|
NIST |
CWE ids for CVE-2017-10918
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-10918
-
https://security.gentoo.org/glsa/201710-17
Xen: Multiple vulnerabilities (GLSA 201710-17) — Gentoo security
-
http://www.debian.org/security/2017/dsa-3969
Debian -- Security Information -- DSA-3969-1 xen
-
http://www.securitytracker.com/id/1038732
Xen P2M Mapping Error Lets Local Users on a Guest System Gain Elevated Privileges on the Host System - SecurityTracker
-
https://security.gentoo.org/glsa/201708-03
Gentoo Linux — Error 404 (Not Found)
-
http://www.securityfocus.com/bid/99161
Xen XSA-222 Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
https://xenbits.xen.org/xsa/advisory-222.html
XSA-222 - Xen Security AdvisoriesMailing List;Mitigation;Third Party Advisory
Jump to