CVE-2017-10921 - OpenCVE

The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Xen	Xen

Configuration 1 [-]

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.debian.org/security/2017/dsa-3969
http://www.securitytracker.com/id/1038734
https://security.gentoo.org/glsa/201708-03
https://security.gentoo.org/glsa/201710-17
https://xenbits.xen.org/xsa/advisory-224.html	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-05T01:00:00

Updated: 2017-11-03T18:57:01

Reserved: 2017-07-04T00:00:00

Link: CVE-2017-10921

JSON object: View

NVD Information

Status : Modified

Published: 2017-07-05T01:29:00.860

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-10921

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-04T00:00:00", "descriptions": [{"lang": "en", "value": "The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201708-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201708-03"}, {"name": "DSA-3969", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3969"}, {"name": "1038734", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038734"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://xenbits.xen.org/xsa/advisory-224.html"}, {"name": "GLSA-201710-17", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201710-17"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-10921", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201708-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201708-03"}, {"name": "DSA-3969", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3969"}, {"name": "1038734", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038734"}, {"name": "https://xenbits.xen.org/xsa/advisory-224.html", "refsource": "CONFIRM", "url": "https://xenbits.xen.org/xsa/advisory-224.html"}, {"name": "GLSA-201710-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-17"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-10921", "datePublished": "2017-07-05T01:00:00", "dateReserved": "2017-07-04T00:00:00", "dateUpdated": "2017-11-03T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "7494A471-EEFC-44F4-96B1-FDBA3B780313", "versionEndIncluding": "4.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2."}, {"lang": "es", "value": "La caracter\u00edstica de tabla grant en Xen, hasta las versiones 4.8.x, no asegura que se realicen los conteos de tipos suficientes para un mapeo de GNTMAP_device_map y GNTMAP_host_map, lo que permite que los usuarios invitados del sistema operativo provoquen una denegaci\u00f3n de servicio (mala gesti\u00f3n del conteo y corrupci\u00f3n de memoria) u obtengan privilegios de acceso al sistema operativo anfitri\u00f3n. Esto tambi\u00e9n se conoce como XSA-224, fallo 2."}], "id": "CVE-2017-10921", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-05T01:29:00.860", "references": [{"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3969"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1038734"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201708-03"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201710-17"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://xenbits.xen.org/xsa/advisory-224.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}