Detections
Analytics
Alpine: xen: security update to 4.7.3-r0
critical Tenable Cloud Security Plugin ID 407881
Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:- The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a
GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service
(count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2.
(CVE-2017-10921)
- The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows
guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by
leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka
XSA-216. (CVE-2017-10911)
- Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS
access, aka XSA-217. (CVE-2017-10912)
- The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of
concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges,
aka XSA-218 bug 1. (CVE-2017-10913)
- The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows
guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information
or gain privileges, aka XSA-218 bug 2. (CVE-2017-10914)
See Also
https://security.alpinelinux.org/vuln/CVE-2017-10911
https://security.alpinelinux.org/vuln/CVE-2017-10912
https://security.alpinelinux.org/vuln/CVE-2017-10913
https://security.alpinelinux.org/vuln/CVE-2017-10914
https://security.alpinelinux.org/vuln/CVE-2017-10915
https://security.alpinelinux.org/vuln/CVE-2017-10916
https://security.alpinelinux.org/vuln/CVE-2017-10917
https://security.alpinelinux.org/vuln/CVE-2017-10918
https://security.alpinelinux.org/vuln/CVE-2017-10919
https://security.alpinelinux.org/vuln/CVE-2017-10920
https://security.alpinelinux.org/vuln/CVE-2017-10921
https://security.alpinelinux.org/vuln/CVE-2017-10922
https://security.alpinelinux.org/vuln/CVE-2017-10923
https://security.alpinelinux.org/vuln/CVE-2017-12135
https://security.alpinelinux.org/vuln/CVE-2017-12136
Plugin Details
Severity: Critical
ID: 407881
Version: Revision 1.25
Type: Local
Published: 10/31/2023
Updated: 3/13/2025
Supported Sensors: Agentless Assessment
Risk Information
VPR
Risk Factor: Medium
Score: 6.5
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2017-10921
CVSS v3
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 6/20/2017
Reference Information
CVE: CVE-2017-10911, CVE-2017-10912, CVE-2017-10913, CVE-2017-10914, CVE-2017-10915, CVE-2017-10916, CVE-2017-10917, CVE-2017-10918, CVE-2017-10919, CVE-2017-10920, CVE-2017-10921, CVE-2017-10922, CVE-2017-10923, CVE-2017-12135, CVE-2017-12136, CVE-2017-12137, CVE-2017-12855
BID: 99162, 99158, 99411, 99174, 99167, 99157, 99161, 99159, 99435, 99160, 100344, 100346, 100342, 100341
IAVA: 2017-A-0253-S
IAVB: 2017-B-0074-S, 2017-B-0108-S