CVE-2017-8903

Published: 11/05/2017 | Updated: 03/10/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 8.8 | Impact Score: 6 | Exploitability Score: 2
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Xen up to and including 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.

Vulnerable Product

xen xen 4.8.1

xen xen 4.8.0

Vendor Advisories

Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213 ...

Description of Problem: A number of security issues have been identified within Citrix XenServer. These issues could, if exploited, allow a malicious administrator of a PV guest VM to compromise the host. The issues have the identifiers: CVE-2017-8903 (High): x86: 64bit PV guest breakout via pagetable use-after-mode-change; CVE-2017-8904 (High): gran ...

Github Repositories

Adviesmolen
Parses NCSC-NL security advisories

Example:

$ python3 extractpy
advisoryid: NCSC-2017-0516
cveids: CVE-2017-8903, CVE-2017-8904, CVE-2017-8905
cveidsrest: (cvemitreorg/cve/)
datum: 20170601
kans: medium
platform: Linux
schade: medium
schaderest: Denial-of-Service (DoS) Toegang tot gevoelige gegevens
titel: Verschillende kwetsbaarheden in Xen opgelost