Race condition in Xen - CVE-2017-15588
Published: November 29, 2017
Vulnerability identifier: #VU9446
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-15588
CWE-ID: CWE-362
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Xen Project
Affected software:
Xen
Xen
Detailed vulnerability description
The vulnerability allows an adjacent attacker to gain elevated privileges on the target system.
The weakness exists due to page type release race. An adjacent attacker can supply a stale TLB entry, trigger race condition and execute arbitrary code with elevated privileges.
The weakness exists due to page type release race. An adjacent attacker can supply a stale TLB entry, trigger race condition and execute arbitrary code with elevated privileges.
How to mitigate CVE-2017-15588
Install update from vendor's website.