8.8

CVE-2017-12134

The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XenXen
CitrixXenserver Version6.0.2
CitrixXenserver Version6.2.0
CitrixXenserver Version6.5
CitrixXenserver Version7.0
CitrixXenserver Version7.1
CitrixXenserver Version7.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.516
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2 6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

http://www.openwall.com/lists/oss-security/2017/08/15/4
Third Party Advisory
Mailing List
Mitigation
http://www.securityfocus.com/bid/100343
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039176
Third Party Advisory
VDB Entry
http://xenbits.xen.org/xsa/advisory-229.html
Patch
Vendor Advisory
Mitigation
https://bugzilla.redhat.com/show_bug.cgi?id=1477656
Patch
Third Party Advisory
Issue Tracking
Mitigation