Published: 28/11/2017 Updated: 03/10/2019

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2

VMScore: 436

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

An issue exists in Xen up to and including 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen

An issue was discovered in Xen through 49x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors ...

Description of Problem A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to compromise the host These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 72 The following vulnerabilities have been a ...

CWE-754 CWE-755 CWE-835 https://xenbits.xen.org/xsa/advisory-246.html http://www.securitytracker.com/id/1039878 https://support.citrix.com/article/CTX230138 http://www.securityfocus.com/bid/102008 http://www.securityfocus.com/bid/102129 https://security.gentoo.org/glsa/201801-14 https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html http://www.securityfocus.com/bid/105954 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-17044

CVE-2017-17044

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect