Memory corruption in Xen - CVE-2017-10922
Published: July 13, 2017
Vulnerability identifier: #VU7507
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-10922
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Xen Project
Affected software:
Xen
Xen
Detailed vulnerability description
The vulnerability allows a local attacker to cause DoS conditions.
The weakness exists due to improper handling of MMIO region grant references by the grant-table feature. A local attacker can trigger loss of grant trackability and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists due to improper handling of MMIO region grant references by the grant-table feature. A local attacker can trigger loss of grant trackability and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-10922
Install update from vendor's website.