CVE-2017-8904

Published: 11/05/2017 Updated: 03/10/2019
CVSS v2 Base Score: 6.8 | Impact Score: 10 | Exploitability Score: 3.1
CVSS v3 Base Score: 8.8 | Impact Score: 6 | Exploitability Score: 2
VMScore: 605
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Xen up to and including 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.

Vulnerable Product

xen xen 4.8.1

xen xen 4.8.0

Vendor Advisories

Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214 ...
Description of Problem: A number of security issues have been identified within Citrix XenServer. These issues could, if exploited, allow a malicious administrator of a PV guest VM to compromise the host. The issues have the identifiers: CVE-2017-8903 (High): x86: 64bit PV guest breakout via pagetable use-after-mode-change; CVE-2017-8904 (High): gran ...

Github Repositories

Parses NCSC-NL security advisories

Adviesmolen

Parses NCSC-NL security advisories

Example

$ python3 extractpy
advisoryid: NCSC-2017-0516
cveids: CVE-2017-8903, CVE-2017-8904, CVE-2017-8905
cveidsrest: (cvemitreorg/cve/)
datum: 20170601
kans: medium
platform: Linux
schade: medium
schaderest: Denial-of-Service (DoS) Toegang tot gevoelige gegevens
titel: Verschillende kwetsbaarheden in Xen opgelost