#VU8424 Out-of-bounds write in Xen - CVE-2017-14316
Published: September 14, 2017
Vulnerability identifier: #VU8424
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-14316
CWE-ID: CWE-787
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Xen
Xen
Software vendor:
Xen Project
Xen Project
Description
The vulnerability allows an adjacent attacker to execute arbitrary code on the host system.
The weakness exists due to out-of-bounds array access in the processing of NUMA node parameters. An adjacent attacker can invoke specially crafted hypercalls and execute arbitrary code with elevated privileges.
The weakness exists due to out-of-bounds array access in the processing of NUMA node parameters. An adjacent attacker can invoke specially crafted hypercalls and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.