Published: 13/09/2017 Updated: 03/10/2019

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 436

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Memory leak in Xen 3.3 up to and including 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen 3.3.0
xen xen 3.3.1
xen xen 3.3.2
xen xen 4.0.1
xen xen 4.0.2
xen xen 4.1.4
xen xen 4.1.5
xen xen 4.2.5
xen xen 4.3.0
xen xen 4.4.1
xen xen 4.4.2
xen xen 4.5.5
xen xen 4.6.0
xen xen 3.4.0
xen xen 3.4.1
xen xen 4.0.3
xen xen 4.0.4
xen xen 4.1.6
xen xen 4.1.6.1
xen xen 4.3.1
xen xen 4.3.2
xen xen 4.4.3
xen xen 4.4.4
xen xen 4.6.1
xen xen 4.6.2
xen xen 3.4.2
xen xen 3.4.3
xen xen 4.1.0
xen xen 4.1.1
xen xen 4.2.0
xen xen 4.2.1
xen xen 4.3.3
xen xen 4.3.4
xen xen 4.5.0
xen xen 4.5.1
xen xen 4.6.4
xen xen 4.6.5
xen xen 4.7.1
xen xen 3.4.4
xen xen 4.0.0
xen xen 4.1.2
xen xen 4.1.3
xen xen 4.2.2
xen xen 4.2.3
xen xen 4.2.4
xen xen 4.4.0
xen xen 4.5.2
xen xen 4.5.3
xen xen 4.8.0
xen xen 4.8.1

Memory leak in Xen 33 through 48x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207 ...

CWE-772 https://xenbits.xen.org/xsa/advisory-207.html https://lists.debian.org/debian-lts-announce/2018/09/msg00006.html https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-14431

CVE-2017-14431

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect