Resource exhaustion in Xen - CVE-2017-15595
Published: November 29, 2017
Vulnerability identifier: #VU9452
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-15595
CWE-ID: CWE-400
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vendor: Xen Project
Affected software:
Xen
Detailed vulnerability description
The vulnerability allows an adjacent attacker to gain elevated privileges or cause DoS conditions on the target system.
The weakness exists due to improper input validation. An adjacent attacker can supply specially crafted page-table stacking that triggers unbounded recursion and stack consumption, and thereby gain elevated privileges or cause a hypervisor crash.
How to mitigate CVE-2017-15595
Install the update from the vendor's website.