CVE-2017-7228

EPSS 1.04%
Published 04.04.2017 14:59:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.

Affected products Warnungen 0 Metrics 3 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Xen ≫ Xen Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.04%	0.765

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.2	1.5	6	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

http://www.debian.org/security/2017/dsa-3847

http://openwall.com/lists/oss-security/2017/04/04/3

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/97375

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1038223

http://xenbits.xen.org/xsa/advisory-212.html

Patch

Vendor Advisory

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt