CyberSec.Space Logo
Back to CVE Browser

CVE-2017-10912

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1130%
EPSS Percentile35.94th
PublishedJul 5, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.

Affected Platforms (CPE)

πŸ’»
Xen

Xen

<= 4.8.1

References & Advisories

πŸ”— http://www.debian.org/security/2017/dsa-3969
πŸ”— http://www.securityfocus.com/bid/99158
πŸ”— http://www.securitytracker.com/id/1038721
πŸ”— https://security.gentoo.org/glsa/201708-03
πŸ”— https://security.gentoo.org/glsa/201710-17
πŸ”— https://xenbits.xen.org/xsa/advisory-217.html
πŸ”— http://www.debian.org/security/2017/dsa-3969
πŸ”— http://www.securityfocus.com/bid/99158

Related Vulnerabilities

CVE-2017-1092110.0

The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map ma...

CVE-2017-1092010.0

The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a G...

CVE-2017-1091810.0

Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privil...

CVE-2015-810410.0

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of servi...