Published: 12/12/2017 Updated: 19/10/2018

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7.8 | Impact Score: 6 | Exploitability Score: 1.1

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

An issue exists in Xen up to and including 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen

An issue was discovered in Xen through 49x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode ...

Important Note Due to concerns about the robustness of some of the Intel microcode updates included in the earlier hotfixes for these issues (XS71ECU1009, XS72E013 and XS73E001), Citrix has superseded these hotfixes with new hotfixes listed below Customers are strongly recommended to apply these new hotfixes These new hotfixes may be applied ...

CWE-119 https://xenbits.xen.org/xsa/advisory-249.html http://www.openwall.com/lists/oss-security/2017/12/12/2 http://www.securityfocus.com/bid/102169 https://security.gentoo.org/glsa/201801-14 https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html https://www.debian.org/security/2018/dsa-4112 https://support.citrix.com/article/CTX232096 http://www.securitytracker.com/id/1040769 https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-17563

CVE-2017-17563

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect