Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2017-15595

Published: 18/10/2017 Updated: 30/10/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 8.8 | Impact Score: 6 | Exploitability Score: 2
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Xen

Vulnerability Summary

An issue exists in Xen up to and including 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.

Vulnerable Product Search on Vulmon Subscribe to Product

xen xen

Vendor Advisories

Debian CVElist Bug Report Logs: xen: Several CVEs open for xen (CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18422 CVE-2019-18423 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19582 CVE-2019-19583)
Debian Bug report logs - #947944 xen: Several CVEs open for xen (CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18422 CVE-2019-18423 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19582 CVE-2019-19583) Package: src:xen; Maintainer for src:xen is De ...
Red Hat: CVE-2017-15595
An issue was discovered in Xen through 49x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking ...
Citrix Security Bulletins: Citrix XenServer Multiple Security Updates
Description of Problem A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 72 The following vulnerabilities have been addres ...

Exploits

Exploit DB: Xen - Pagetable De-typing Unbounded Recursion
Xen allows pagetables of the same level to map each other as readonly in PV domains This is useful if a guest wants to use the self-referential pagetable trick for easy access to pagetables by mapped virtual address When cleaning up a pagetable after the last typed reference to it has been dropped (via __put_page_type() -> __put_final_page_ty ...

References

CWE-400https://xenbits.xen.org/xsa/advisory-240.htmlhttps://support.citrix.com/article/CTX228867https://www.exploit-db.com/exploits/43014/https://www.debian.org/security/2017/dsa-4050https://security.gentoo.org/glsa/201801-14https://lists.debian.org/debian-lts-announce/2017/11/msg00027.htmlhttps://lists.debian.org/debian-lts-announce/2018/10/msg00021.htmlhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947944https://www.exploit-db.com/exploits/43014/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook