CVE-2017-8905

Published: 11/05/2017 Updated: 03/10/2019
CVSS v2 Base Score: 6.8 | Impact Score: 10 | Exploitability Score: 3.1
CVSS v3 Base Score: 8.8 | Impact Score: 6 | Exploitability Score: 2
VMScore: 605
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Xen up to and including 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.

Vulnerable Product

xen xen 4.6.0

xen xen 4.6.1

xen xen 4.6.3

xen xen 4.6.5

xen xen 4.6.4

xen xen 4.6.2

Vendor Advisories

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215 ...

Description of Problem: A number of security issues have been identified within Citrix XenServer. These issues could, if exploited, allow a malicious administrator of a PV guest VM to compromise the host. The issues have the identifiers:
CVE-2017-8903 (High): x86: 64bit PV guest breakout via pagetable use-after-mode-change
CVE-2017-8904 (High): gran ...

Github Repositories

Parses NCSC-NL security advisories

Adviesmolen
Parses NCSC-NL security advisories

Example
$ python3 extractpy
advisoryid: NCSC-2017-0516
cveids: CVE-2017-8903, CVE-2017-8904, CVE-2017-8905
cveidsrest: (cvemitreorg/cve/)
datum: 20170601
kans: medium
platform: Linux
schade: medium
schaderest: Denial-of-Service (DoS) Toegang tot gevoelige gegevens
titel: Verschillende kwetsbaarheden in Xen opgelost