SUSE-SU-2017:2466-1

Advisory lineage Upstream: 4 Downstream: 0
Published: 14 Sept 2017, 15:31
Last modified:04 Feb 2026, 04:11

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

14 Sept 2017, 15:31
Published
Vulnerability first disclosed
04 Feb 2026, 04:11
Last Modified
Vulnerability information updated

Description

Security update for xen This update for xen fixes several issues. These security issues were fixed: - CVE-2017-14316: Missing bound check in function `alloc_heap_pages` for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen (XSA-231, bsc#1056278) - CVE-2017-14318: The function __gnttab_cache_flush missed a check for grant tables, allowing a malicious guest to crash the host or for x86 PV guests to potentially escalate privileges (XSA-232, bsc#1056280) - CVE-2017-14317: A race in cxenstored may have cause a double-free allowind for DoS of the xenstored daemon (XSA-233, bsc#1056281). - CVE-2017-14319: An error while handling grant mappings allowed malicious or buggy x86 PV guest to escalate its privileges or crash the hypervisor (XSA-234, bsc#1056282).

Affected Systems

  • susexen&distro=SUSE Linux Enterprise Server 12 SP1-LTSS

    < 4.5.5_16-22.28.1

  • susexen&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1

    < 4.5.5_16-22.28.1

  • susexen&distro=SUSE OpenStack Cloud 6

    < 4.5.5_16-22.28.1

References (9)