CVE-2017-14318

Advisory lineage Upstream: 0 Downstream: 8

Downstream

ALPINE-CVE-2017-14318 DEBIAN-CVE-2017-14318 DLA-1132-1 DSA-4050-1 SUSE-SU-2017:2420-1 SUSE-SU-2017:2466-1

Modified

Published: 12 Sept 2017, 15:00

Last modified:05 Aug 2024, 19:20

Vulnerability Summary

Overall Risk (default)

medium

26/100

CVSS Score

6.5 MEDIUM

v3.0 (nvd)

EPSS Score

0.11% LOW

0% probability -0.09%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

12 Sept 2017, 15:00

Published

Vulnerability first disclosed

05 Aug 2024, 19:20

Last Modified

Vulnerability information updated

Description

An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct.

CVSS Metrics

v3.0•MEDIUM•Score: 6.5CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
v2.0•MEDIUM•Score: 4.9AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.11%• Percentile: 29%

Techniques & Countermeasures

CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

xen•xen
4.5.0 | 4.5.1 | 4.5.2 | 4.5.3 | 4.5.5 | 4.6.0 | 4.6.1 | 4.6.3 | 4.6.4 | 4.6.5 | 4.6.6 | 4.7.0 | 4.7.1 | 4.7.2 | 4.7.3 | 4.8.0 | 4.8.1 | 4.9.0