#VU7148 Denial of service in Xen - CVE-2017-10917
Published: June 21, 2017 / Updated: July 28, 2020
Vulnerability identifier: #VU7148
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear
CVE-ID: CVE-2017-10917
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Xen
Xen
Software vendor:
Xen Project
Xen Project
Description
The vulnerability allows a local attacker on the guest system to cause DoS condition.
The weakness exists due to access control flaw in the hypervisor in event channel polling. A local attacker can cause the target host system to crash.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists due to access control flaw in the hypervisor in event channel polling. A local attacker can cause the target host system to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install update from vendor's website.