Memory corruption in Xen - CVE-2017-10921
Published: July 13, 2017
Vulnerability identifier: #VU7506
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-10921
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Xen Project
Affected software:
Xen
Xen
Detailed vulnerability description
The vulnerability allows a local attacker to cause DoS conditions.
The weakness exists due to improper ensuring of sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping by the grant-table feature. A local attacker can trigger count mismanagement and memory corruption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists due to improper ensuring of sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping by the grant-table feature. A local attacker can trigger count mismanagement and memory corruption and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-10921
Install update from vendor's website.