Published: 12/12/2017 Updated: 03/10/2019

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7.8 | Impact Score: 6 | Exploitability Score: 1.1

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

An issue exists in Xen up to and including 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen

An issue was discovered in Xen through 49x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page ...

Important Note Due to concerns about the robustness of some of the Intel microcode updates included in the earlier hotfixes for these issues (XS71ECU1009, XS72E013 and XS73E001), Citrix has superseded these hotfixes with new hotfixes listed below Customers are strongly recommended to apply these new hotfixes These new hotfixes may be applied ...

NVD-CWE-noinfo https://xenbits.xen.org/xsa/advisory-248.html http://www.openwall.com/lists/oss-security/2017/12/12/4 http://www.securityfocus.com/bid/102167 https://security.gentoo.org/glsa/201801-14 https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html https://www.debian.org/security/2018/dsa-4112 https://support.citrix.com/article/CTX232096 http://www.securitytracker.com/id/1040768 https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-17566

CVE-2017-17566

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect