Null pointer dereference in Xen - CVE-2017-10917
Published: July 13, 2017
Vulnerability identifier: #VU7503
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear
CVE-ID: CVE-2017-10917
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Xen Project
Affected software:
Xen
Xen
Detailed vulnerability description
The vulnerability allows a local attacker to cause DoS conditions.
The weakness exists due to improper validation of the port numbers of polled event channel ports. A local attacker can trigger NULL pointer dereference and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists due to improper validation of the port numbers of polled event channel ports. A local attacker can trigger NULL pointer dereference and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-10917
Install update from vendor's website.