CVE-2017-10914 - OpenCVE

The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Xen	Xen

Configuration 1 [-]

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.debian.org/security/2017/dsa-3969
http://www.securityfocus.com/bid/99411	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038722
https://security.gentoo.org/glsa/201708-03
https://security.gentoo.org/glsa/201710-17
https://xenbits.xen.org/xsa/advisory-218.html	Mailing List Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-05T01:00:00

Updated: 2017-11-03T18:57:01

Reserved: 2017-07-04T00:00:00

Link: CVE-2017-10914

JSON object: View

NVD Information

Status : Modified

Published: 2017-07-05T01:29:00.643

Modified: 2017-11-04T01:29:31.773

Link: CVE-2017-10914

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-04T00:00:00", "descriptions": [{"lang": "en", "value": "The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1038722", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038722"}, {"name": "GLSA-201708-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201708-03"}, {"name": "DSA-3969", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3969"}, {"name": "99411", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99411"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://xenbits.xen.org/xsa/advisory-218.html"}, {"name": "GLSA-201710-17", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201710-17"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-10914", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1038722", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038722"}, {"name": "GLSA-201708-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201708-03"}, {"name": "DSA-3969", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3969"}, {"name": "99411", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99411"}, {"name": "https://xenbits.xen.org/xsa/advisory-218.html", "refsource": "CONFIRM", "url": "https://xenbits.xen.org/xsa/advisory-218.html"}, {"name": "GLSA-201710-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-17"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-10914", "datePublished": "2017-07-05T01:00:00", "dateReserved": "2017-07-04T00:00:00", "dateUpdated": "2017-11-03T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "7494A471-EEFC-44F4-96B1-FDBA3B780313", "versionEndIncluding": "4.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2."}, {"lang": "es", "value": "La caracter\u00edstica de tabla grant en Xen, hasta las versiones 4.8.x, incluye una condici\u00f3n de carrera que da lugar a una doble liberaci\u00f3n (double free). Esto permite que los usuarios invitados del sistema operativo provoquen una denegaci\u00f3n de servicio (consumo de memoria) o que, probablemente, obtengan informaci\u00f3n sensible o adquieran privilegios. Esto tambi\u00e9n se conoce como XSA-218, fallo 2."}], "id": "CVE-2017-10914", "lastModified": "2017-11-04T01:29:31.773", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-05T01:29:00.643", "references": [{"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3969"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99411"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1038722"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201708-03"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201710-17"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://xenbits.xen.org/xsa/advisory-218.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}]}