[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2017:1742-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":18,"duplicates":19,"related":20,"reserved_at":9,"published_at":23,"modified_at":24,"state":9,"summary":25,"references_raw":27,"kevs":88,"epss":9,"epss_history":89,"metrics":90,"affected":91},"SUSE-SU-2017:1742-1","Security update for xen\n\nThis update for xen fixes several issues.\n\nThese security issues were fixed:\n\n- Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882)\n- Races in the grant table unmap code allowed for informations leaks and potentially privilege escalation (XSA-218, bsc#1042893)\n- Insufficient reference counts during shadow emulation allowed a malicious pair of guest to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915)\n- Missing NULL pointer check in event channel poll allows guests to DoS the host (XSA-221, bsc#1042924)\n- Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931)\n- Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938)\n- CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160)\n- CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243)\n- PKRU and BND* leakage between vCPU-s might have leaked information to other guests (XSA-220, bsc#1042923)\n\nThese non-security issues were fixed:\n\n- bsc#1027519: Included various upstream patches \n- bsc#1035642: Ensure that rpmbuild works\n",null,[],[],[],[14,16],{"_key":15},"CVE-2017-8309",{"_key":17},"CVE-2017-9330",[],[],[21,22],{"_key":15},{"_key":17},"2017-06-30T13:36:48Z","2026-02-04T03:32:21.209262Z",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[28,34,39,43,47,51,55,59,63,67,71,75,79,84],{"url":29,"sources":30,"tags":32},"https://www.suse.com/support/update/announcement/2017/suse-su-20171742-1/",[31],"osv_suse",[33],"Advisory",{"url":35,"sources":36,"tags":37},"https://bugzilla.suse.com/1027519",[31],[38],"REPORT",{"url":40,"sources":41,"tags":42},"https://bugzilla.suse.com/1035642",[31],[38],{"url":44,"sources":45,"tags":46},"https://bugzilla.suse.com/1037243",[31],[38],{"url":48,"sources":49,"tags":50},"https://bugzilla.suse.com/1042160",[31],[38],{"url":52,"sources":53,"tags":54},"https://bugzilla.suse.com/1042882",[31],[38],{"url":56,"sources":57,"tags":58},"https://bugzilla.suse.com/1042893",[31],[38],{"url":60,"sources":61,"tags":62},"https://bugzilla.suse.com/1042915",[31],[38],{"url":64,"sources":65,"tags":66},"https://bugzilla.suse.com/1042923",[31],[38],{"url":68,"sources":69,"tags":70},"https://bugzilla.suse.com/1042924",[31],[38],{"url":72,"sources":73,"tags":74},"https://bugzilla.suse.com/1042931",[31],[38],{"url":76,"sources":77,"tags":78},"https://bugzilla.suse.com/1042938",[31],[38],{"url":80,"sources":81,"tags":82},"https://www.suse.com/security/cve/CVE-2017-8309",[31],[83],"WEB",{"url":85,"sources":86,"tags":87},"https://www.suse.com/security/cve/CVE-2017-9330",[31],[83],[],[],[],[92,105,109,113],{"ecosystem":93,"name":94,"vendor":95,"product":96,"cpe_part":9,"purl_type":97,"purl_namespace":95,"purl_name":96,"source":9,"versions":98},"SUSE Linux Enterprise","xen","suse","xen&distro=SUSE Linux Enterprise Desktop 12 SP2","rpm",[99],{"version":100,"is_range":101,"range_type":102,"version_start":9,"version_start_type":9,"version_end":103,"version_end_type":104,"fixed_in":9},"lt4_7_2_06_42_1",true,"ecosystem","4.7.2_06-42.1","excluding",{"ecosystem":93,"name":94,"vendor":95,"product":106,"cpe_part":9,"purl_type":97,"purl_namespace":95,"purl_name":106,"source":9,"versions":107},"xen&distro=SUSE Linux Enterprise Server 12 SP2",[108],{"version":100,"is_range":101,"range_type":102,"version_start":9,"version_start_type":9,"version_end":103,"version_end_type":104,"fixed_in":9},{"ecosystem":93,"name":94,"vendor":95,"product":110,"cpe_part":9,"purl_type":97,"purl_namespace":95,"purl_name":110,"source":9,"versions":111},"xen&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2",[112],{"version":100,"is_range":101,"range_type":102,"version_start":9,"version_start_type":9,"version_end":103,"version_end_type":104,"fixed_in":9},{"ecosystem":93,"name":94,"vendor":95,"product":114,"cpe_part":9,"purl_type":97,"purl_namespace":95,"purl_name":114,"source":9,"versions":115},"xen&distro=SUSE Linux Enterprise Software Development Kit 12 SP2",[116],{"version":100,"is_range":101,"range_type":102,"version_start":9,"version_start_type":9,"version_end":103,"version_end_type":104,"fixed_in":9}]