CVE-2017-12855

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected.

References

http://www.debian.org/security/2017/dsa-3969

http://www.securityfocus.com/bid/100341

http://www.securitytracker.com/id/1039177

http://xenbits.xen.org/xsa/advisory-230.html

https://support.citrix.com/article/CTX225941

Details

Source: MITRE

Published: 2017-08-15

Updated: 2017-11-15

Type: CWE-200

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Impact Score: 4

Exploitability Score: 2

Severity: MEDIUM

Tenable Plugins

View all (17 total)

IDNameProductFamilySeverity
104649SUSE SLES12 Security Update : xen (SUSE-SU-2017:2327-2)NessusSuSE Local Security Checks
high
103830OracleVM 3.4 : xen (OVMSA-2017-0153)NessusOracleVM Local Security Checks
critical
103791Debian DLA-1132-1 : xen security updateNessusDebian Local Security Checks
critical
103412SUSE SLES12 Security Update : xen (SUSE-SU-2017:2541-1)NessusSuSE Local Security Checks
high
103342Fedora 25 : xen (2017-ed735463e3)NessusFedora Local Security Checks
high
103216SUSE SLES11 Security Update : xen (SUSE-SU-2017:2450-1)NessusSuSE Local Security Checks
high
103159openSUSE Security Update : xen (openSUSE-2017-1023)NessusSuSE Local Security Checks
high
103158openSUSE Security Update : xen (openSUSE-2017-1022)NessusSuSE Local Security Checks
critical
103146Debian DSA-3969-1 : xen - security updateNessusDebian Local Security Checks
critical
102954SUSE SLES11 Security Update : xen (SUSE-SU-2017:2339-1)NessusSuSE Local Security Checks
high
102953SUSE SLED12 Security Update : xen (SUSE-SU-2017:2327-1)NessusSuSE Local Security Checks
high
102952SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:2326-1)NessusSuSE Local Security Checks
critical
102907OracleVM 3.2 : xen (OVMSA-2017-0149)NessusOracleVM Local Security Checks
high
102906OracleVM 3.3 : xen (OVMSA-2017-0148)NessusOracleVM Local Security Checks
high
102686Fedora 26 : xen (2017-f336ba205d)NessusFedora Local Security Checks
high
102585Xen Hypervisor Multiple Vulnerabilities (XSA-226 - XSA-230)NessusMisc.
high
102526Citrix XenServer Multiple Vulnerabilities (CTX225941)NessusMisc.
high