#VU8426 Race condition in Xen - CVE-2017-14317

 


Published: September 14, 2017


Vulnerability identifier: #VU8426
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-14317
CWE-ID: CWE-362
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Xen
Software vendor:
Xen Project

Description

The vulnerability allows an adjacent attacker to cause a DoS condition on the host system.

The weakness exists due to a race condition in cxenstored. An adjacent attacker can shut down a virtual machine with a stubdomain, trigger a double-free memory error and cause the xenstored daemon to crash.

The vulnerability is exploitable on systems running the C version of xenstored ("xenstored") and running devicemodel stubdomains.

Remediation

Install update from vendor's website.

External links