Vulnerability Details : CVE-2017-15597
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out.
Vulnerability category: Overflow, Memory Corruption, Gain privilege, Denial of service, Information leak
Products affected by CVE-2017-15597
- cpe:2.3:o:xen:xen:*:rc7:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-15597
EPSS score: 0.21% (probability of exploitation activity in the next 30 days)
Percentile: ~58% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-15597
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
9.1 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 2.3 | 6.0 | NIST | |
CWE ids for CVE-2017-15597
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-15597
- https://support.citrix.com/article/CTX229057
  Citrix XenServer Security Update for CVE-2017-15597 (Issue Tracking; Third Party Advisory)
- http://www.securitytracker.com/id/1039653
  Xen Grant Copy Race Condition Lets Local Administrative Users on a Guest System Cause the Host System to Crash - SecurityTracker (Issue Tracking; Third Party Advisory; VDB Entry)
- http://xenbits.xen.org/xsa/advisory-236.html
  XSA-236 - Xen Security Advisories (Issue Tracking; Patch; Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2017/10/24/3
  oss-security - Xen Security Advisory 236 (CVE-2017-15597) - pin count / page reference race in grant table code (Issue Tracking; Mailing List; Mitigation; Third Party Advisory)
- https://www.debian.org/security/2017/dsa-4050
  Debian -- Security Information -- DSA-4050-1 xen
- https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html
  [SECURITY] [DLA 1549-1] xen security update
- http://www.securityfocus.com/bid/101564
  Xen CVE-2017-15597 Memory Corruption Vulnerability (Issue Tracking; Third Party Advisory; VDB Entry)