8.8

CVE-2017-12135

Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.

Data is provided by the National Vulnerability Database (NVD)
XenXen
CitrixXenserver Version6.0.2
CitrixXenserver Version6.2.0
CitrixXenserver Version6.5
CitrixXenserver Version7.0
CitrixXenserver Version7.1
CitrixXenserver Version7.2
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.13% 0.327
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2 6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

http://www.openwall.com/lists/oss-security/2017/08/15/1
Third Party Advisory
Mailing List
Mitigation
http://www.openwall.com/lists/oss-security/2017/08/17/6
Third Party Advisory
Mailing List
Mitigation
http://www.securityfocus.com/bid/100344
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039178
Third Party Advisory
VDB Entry
http://xenbits.xen.org/xsa/advisory-226.html
Patch
Vendor Advisory
Mitigation
https://bugzilla.redhat.com/show_bug.cgi?id=1477655
Patch
Third Party Advisory
Issue Tracking
Mitigation