CVE-2017-10913

{"id": "CVE-2017-10913", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-07-05T01:29:00.610", "references": [{"url": "http://www.debian.org/security/2017/dsa-3969", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/99411", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1038722", "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/201708-03", "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/201710-17", "source": "cve@mitre.org"}, {"url": "https://xenbits.xen.org/xsa/advisory-218.html", "tags": ["Mailing List", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2017/dsa-3969", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/99411", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1038722", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201708-03", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201710-17", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://xenbits.xen.org/xsa/advisory-218.html", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1."}, {"lang": "es", "value": "La caracter\u00edstica de tabla grant en Xen, hasta las versiones 4.8.x, ofrece informaci\u00f3n de mapeo falsa en ciertos casos de llamadas simult\u00e1neas de desasignaci\u00f3n, lo que permite que atacantes del backend obtengan informaci\u00f3n sensible o adquieran privilegios. Esto tambi\u00e9n se conoce como XSA-218, fallo 1."}], "lastModified": "2024-11-21T03:06:44.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7494A471-EEFC-44F4-96B1-FDBA3B780313", "versionEndIncluding": "4.8.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}