8.8

CVE-2017-12134

The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XenXen
CitrixXenserver Version6.0.2
CitrixXenserver Version6.2.0
CitrixXenserver Version6.5
CitrixXenserver Version7.0
CitrixXenserver Version7.1
CitrixXenserver Version7.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.5% 0.386
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2 6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

http://www.debian.org/security/2017/dsa-3981
https://support.citrix.com/article/CTX225941
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/08/15/4
Third Party Advisory
Mailing List
Mitigation
http://www.securityfocus.com/bid/100343
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039176
Third Party Advisory
VDB Entry
http://xenbits.xen.org/xsa/advisory-229.html
Patch
Vendor Advisory
Mitigation
https://bugzilla.redhat.com/show_bug.cgi?id=1477656
Patch
Third Party Advisory
Issue Tracking
Mitigation
https://security.gentoo.org/glsa/201801-14
https://usn.ubuntu.com/3655-1/
https://usn.ubuntu.com/3655-2/