CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-10918

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1500%
EPSS Percentile28.31th
Published2017年7月5日
Last Modified2026年5月13日

Vulnerability Description

Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.

Affected Platforms (CPE)

💻
Xen

Xen

<= 4.8.1

References & Advisories

🔗 http://www.debian.org/security/2017/dsa-3969
🔗 http://www.securityfocus.com/bid/99161
🔗 http://www.securitytracker.com/id/1038732
🔗 https://security.gentoo.org/glsa/201708-03
🔗 https://security.gentoo.org/glsa/201710-17
🔗 https://xenbits.xen.org/xsa/advisory-222.html
🔗 http://www.debian.org/security/2017/dsa-3969
🔗 http://www.securityfocus.com/bid/99161

相關漏洞威脅

CVE-2017-1092010.0

The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a G...

CVE-2017-1092110.0

The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map ma...

CVE-2017-1091210.0

Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.

CVE-2015-810410.0

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of servi...