CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-10921

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0810%
EPSS Percentile38.45th
Published2017年7月5日
Last Modified2026年5月13日

Vulnerability Description

The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2.

Affected Platforms (CPE)

💻
Xen

Xen

<= 4.8.1

References & Advisories

🔗 http://www.debian.org/security/2017/dsa-3969
🔗 http://www.securitytracker.com/id/1038734
🔗 https://security.gentoo.org/glsa/201708-03
🔗 https://security.gentoo.org/glsa/201710-17
🔗 https://xenbits.xen.org/xsa/advisory-224.html
🔗 http://www.debian.org/security/2017/dsa-3969
🔗 http://www.securitytracker.com/id/1038734
🔗 https://security.gentoo.org/glsa/201708-03

関連する脆弱性情報

CVE-2017-1091210.0

Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.

CVE-2017-1092010.0

The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a G...

CVE-2017-1091810.0

Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privil...

CVE-2015-810410.0

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of servi...