Vulnerability Details CVE-2017-12136
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.9
References
- http://www.debian.org/security/2017/dsa-3969
- http://www.openwall.com/lists/oss-security/2017/08/15/3
- http://www.securityfocus.com/bid/100346
- http://www.securitytracker.com/id/1039175
- http://xenbits.xen.org/xsa/advisory-228.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1477651
- https://security.gentoo.org/glsa/201801-14
- https://support.citrix.com/article/CTX225941
- http://www.debian.org/security/2017/dsa-3969
- http://www.openwall.com/lists/oss-security/2017/08/15/3
- http://www.securityfocus.com/bid/100346
- http://www.securitytracker.com/id/1039175
- http://xenbits.xen.org/xsa/advisory-228.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1477651
- https://security.gentoo.org/glsa/201801-14
- https://support.citrix.com/article/CTX225941
Products affected by CVE-2017-12136
-
cpe:2.3:a:citrix:xenserver:6.0.2
-
cpe:2.3:a:citrix:xenserver:6.2.0
-
cpe:2.3:a:citrix:xenserver:6.5
-
cpe:2.3:a:citrix:xenserver:7.0
-
cpe:2.3:a:citrix:xenserver:7.1
-
cpe:2.3:a:citrix:xenserver:7.2
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:xen:xen:4.6.0
-
cpe:2.3:o:xen:xen:4.6.1
-
cpe:2.3:o:xen:xen:4.6.3
-
cpe:2.3:o:xen:xen:4.6.4
-
cpe:2.3:o:xen:xen:4.6.5
-
cpe:2.3:o:xen:xen:4.6.6
-
cpe:2.3:o:xen:xen:4.7.0
-
cpe:2.3:o:xen:xen:4.7.1
-
cpe:2.3:o:xen:xen:4.7.2
-
cpe:2.3:o:xen:xen:4.7.3
-
cpe:2.3:o:xen:xen:4.8.0
-
cpe:2.3:o:xen:xen:4.8.1
-
cpe:2.3:o:xen:xen:4.9.0