SB2017111908 - Fedora 26 update for xen
Published: November 19, 2017 Updated: April 24, 2025
Security Bulletin ID
SB2017111908
Severity
Low
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Adjacent network
Highest impact
Denial of service
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2017-15595)
The vulnerability allows an adjacent attacker to gain elevated privileges or cause DoS conditions on the target system. The weakness exists due to improper input validation. An adjacent attacker can supply specially crafted page-table stacking to trigger unbounded recursion and stack consumption, and gain elevated privileges or cause a hypervisor crash.
2) Privilege escalation (CVE-ID: CVE-2017-15592)
The vulnerability allows an adjacent attacker to cause DoS conditions or gain elevated privileges on the target system. The weakness exists due to mishandling of self-linear shadow mappings for translated guests. An adjacent attacker can supply self-linear shadow mappings and cause the hypervisor to crash or possibly gain elevated privileges.
3) Memory corruption (CVE-ID: CVE-2017-15592)
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system. The weakness exists in HVM guest systems due to insufficient memory processing. An adjacent attacker can trigger memory corruption and cause the system to crash.
Successful exploitation of the vulnerability may result in denial of service.
Remediation
Install the update from the vendor's website.