Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.2
CVSSv3

CVE-2017-7228

Published: 04/04/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 8.2 | Impact Score: 6 | Exploitability Score: 1.5
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Xen

Vulnerability Summary

An issue (known as XSA-212) exists in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

xen xen -

Vendor Advisories

Debian Security Advisories: DSA-3847-1 xen -- security update
Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen hypervisor, which may lead to privilege escalation, guest-to-host breakout, denial of service or information leaks In additional to the CVE identifiers listed above, this update also addresses the vulnerabilities announced as XSA-213, XSA-214 and XSA-215 For the stable distr ...
Debian CVElist Bug Report Logs: xen: CVE-2016-9932: x86 CMPXCHG8B emulation fails to ignore operand size override
Debian Bug report logs - #848081 xen: CVE-2016-9932: x86 CMPXCHG8B emulation fails to ignore operand size override Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 13 Dec 2016 21:03:02 UTC Severity: im ...
Debian CVElist Bug Report Logs: possible memory corruption via failsafe callback [XSA-215]
Debian Bug report logs - #861662 possible memory corruption via failsafe callback [XSA-215] Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Ian Jackson <ianjackson@eucitrixcom> Date: Tue, 2 May 2017 12:12:01 UTC Severity: important Tags: fixed-upst ...
Debian CVElist Bug Report Logs: xen: XSA-207: memory leak when destroying guest without PT devices
Debian Bug report logs - #856229 xen: XSA-207: memory leak when destroying guest without PT devices Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 26 Feb 2017 19:12:02 UTC Severity: important Tags: f ...
Debian CVElist Bug Report Logs: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
Debian Bug report logs - #859560 xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212) Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Apr 2017 19:51:02 UTC ...
Debian CVElist Bug Report Logs: 64bit PV guest breakout [XSA-213]
Debian Bug report logs - #861659 64bit PV guest breakout [XSA-213] Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Ian Jackson <ianjackson@eucitrixcom> Date: Tue, 2 May 2017 12:03:05 UTC Severity: important Tags: fixed-upstream, security, upstream ...
Debian CVElist Bug Report Logs: grant transfer allows PV guest to elevate privileges [XSA-214]
Debian Bug report logs - #861660 grant transfer allows PV guest to elevate privileges [XSA-214] Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Ian Jackson <ianjackson@eucitrixcom> Date: Tue, 2 May 2017 12:03:08 UTC Severity: important Tags: fixed- ...
Red Hat: CVE-2017-7228
An issue (known as XSA-212) was discovered in Xen, with fixes available for 48x, 47x, 46x, 45x, and 44x The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays ...
Citrix Security Bulletins: Citrix XenServer Multiple Security Updates
Description of Problem A number of security issues have been identified within Citrix XenServer The most significant of these issues could, if exploited, allow a malicious administrator of a 64-bit PV guest VM to compromise the host  This issue has the identifier: CVE-2017-7228 (High): x86: broken check in memory_exchange() permits PV guest ...

Exploits

Exploit DB: Xen - Broken Check in 'memory_exchange()' Permits PV Guest Breakout
Source: bugschromiumorg/p/project-zero/issues/detail?id=1184 This bug report describes a vulnerability in memory_exchange() that permits PV guest kernels to write to an arbitrary virtual address with hypervisor privileges The vulnerability was introduced through a broken fix for CVE-2012-5513 / XSA-29 The fix for CVE-2012-5513 / XSA-2 ...

References

CWE-129http://xenbits.xen.org/xsa/advisory-212.htmlhttp://openwall.com/lists/oss-security/2017/04/04/3http://www.securityfocus.com/bid/97375https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.htmlhttps://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txthttp://www.securitytracker.com/id/1038223https://www.exploit-db.com/exploits/41870/http://www.debian.org/security/2017/dsa-3847https://nvd.nist.govhttps://www.debian.org/security/./dsa-3847https://www.exploit-db.com/exploits/41870/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook