CVE-2017-10915

The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.

CVSS v3 9.0 CRITICAL
CVSS v2.0 6.8 MEDIUM

9.0^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability : 2.2 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.debian.org/security/2017/dsa-3969
http://www.securityfocus.com/bid/99174	Third Party Advisory VDB Entry
https://security.gentoo.org/glsa/201708-03
https://security.gentoo.org/glsa/201710-17
https://xenbits.xen.org/xsa/advisory-219.html	Mailing List Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-07-05 01:29

Updated : 2024-02-28 16:04

NVD link : CVE-2017-10915

Mitre link : CVE-2017-10915

CVE.ORG link : CVE-2017-10915

JSON object : View

Products Affected

xen

xen

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2017-10915", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.2}]}, "published": "2017-07-05T01:29:00.673", "references": [{"url": "http://www.debian.org/security/2017/dsa-3969", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/99174", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/201708-03", "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/201710-17", "source": "cve@mitre.org"}, {"url": "https://xenbits.xen.org/xsa/advisory-219.html", "tags": ["Mailing List", "Mitigation", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219."}, {"lang": "es", "value": "La caracter\u00edstica de shadow-paging en Xen, hasta las versiones 4.8.x, gestiona de manera incorrecta referencias de p\u00e1ginas y, en consecuencia, introduce una condici\u00f3n de carrera, lo que permite que los usuarios invitados del sistema operativo obtengan privilegios Xen. Esto tambi\u00e9n se conoce como XSA-219."}], "lastModified": "2017-11-04T01:29:31.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7494A471-EEFC-44F4-96B1-FDBA3B780313", "versionEndIncluding": "4.8.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}