Your submission was sent successfully! Close

CVE-2017-15597

Published: 30 October 2017

An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out.

Priority

Medium

CVSS 3 base score: 9.1

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic
Released (4.9.2-0ubuntu1)
cosmic Not vulnerable
(4.9.2-0ubuntu1)
disco Not vulnerable
(4.9.2-0ubuntu1)
eoan Not vulnerable
(4.9.2-0ubuntu1)
focal Not vulnerable
(4.9.2-0ubuntu1)
groovy Not vulnerable
(4.9.2-0ubuntu1)
hirsute Not vulnerable
(4.9.2-0ubuntu1)
impish Not vulnerable
(4.9.2-0ubuntu1)
jammy Not vulnerable
(4.9.2-0ubuntu1)
precise Does not exist

trusty Does not exist
(trusty was needs-triage)
upstream
Released (4.9.1)
xenial Needed

zesty Ignored
(reached end-of-life)

Notes

AuthorNote
mdeslaur
hypervisor packages are in universe. For
issues in the hypervisor, add appropriate
tags to each section, ex:
Tags_xen: universe-binary

References

Bugs