CVE-2017-15597

critical

Description

An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out.

References

http://www.openwall.com/lists/oss-security/2017/10/24/3

http://www.securityfocus.com/bid/101564

http://www.securitytracker.com/id/1039653

http://xenbits.xen.org/xsa/advisory-236.html

https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html

https://support.citrix.com/article/CTX229057

https://www.debian.org/security/2017/dsa-4050

Details

Source: MITRE

Published: 2017-10-30

Updated: 2019-10-03

Type: CWE-119

Risk Information

CVSS v2

Base Score: 9

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8

Severity: HIGH

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 2.3

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:xen:xen:*:rc7:*:*:*:*:*:* versions up to 4.9.0 (inclusive)

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 140019 | OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre) | Nessus | OracleVM Local Security Checks | critical |
| 118215 | Debian DLA-1549-1 : xen security update | Nessus | Debian Local Security Checks | critical |
| 111992 | OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre) | Nessus | OracleVM Local Security Checks | critical |
| 105998 | Fedora 27 : xen (2017-f05808ee5b) | Nessus | Fedora Local Security Checks | critical |
| 105222 | openSUSE Security Update : xen (openSUSE-2017-1322) | Nessus | SuSE Local Security Checks | critical |
| 105221 | openSUSE Security Update : xen (openSUSE-2017-1321) | Nessus | SuSE Local Security Checks | critical |
| 105149 | SUSE SLES11 Security Update : xen (SUSE-SU-2017:3242-1) | Nessus | SuSE Local Security Checks | critical |
| 105148 | SUSE SLES12 Security Update : xen (SUSE-SU-2017:3239-1) | Nessus | SuSE Local Security Checks | critical |
| 105098 | SUSE SLES12 Security Update : xen (SUSE-SU-2017:3236-1) | Nessus | SuSE Local Security Checks | critical |
| 105033 | SUSE SLES11 Security Update : xen (SUSE-SU-2017:3212-1) | Nessus | SuSE Local Security Checks | critical |
| 104992 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:3178-1) | Nessus | SuSE Local Security Checks | critical |
| 104870 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:3115-1) | Nessus | SuSE Local Security Checks | critical |
| 104819 | Debian DSA-4050-1 : xen - security update | Nessus | Debian Local Security Checks | critical |
| 104607 | Fedora 25 : xen (2017-c4aa57d753) | Nessus | Fedora Local Security Checks | critical |
| 104249 | OracleVM 3.4 : xen (OVMSA-2017-0166) | Nessus | OracleVM Local Security Checks | critical |
| 104214 | Xen Hypervisor Pin Count / Page Reference Grant Table Code Guest-to-Host Memory Corruption (XSA-236) | Nessus | Misc. | critical |
| 104201 | OracleVM 3.2 / 3.3 / 3.4 : xen (OVMSA-2017-0162) | Nessus | OracleVM Local Security Checks | critical |
| 104174 | Citrix XenServer Pin Count / Page Reference Grant Table Code Guest-to-Host Memory Corruption Vulnerability (CTX229057) | Nessus | Misc. | critical |