CVE-2017-12136

Sažetak

Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.

Reference

http://www.debian.org/security/2017/dsa-3969
http://www.openwall.com/lists/oss-security/2017/08/15/3
http://www.securityfocus.com/bid/100346
http://www.securitytracker.com/id/1039175
http://xenbits.xen.org/xsa/advisory-228.html
https://bugzilla.redhat.com/show_bug.cgi?id=1477651
https://security.gentoo.org/glsa/201801-14
https://support.citrix.com/article/CTX225941

CVSS

Base:	6.9
Impact:	10.0
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

06-05-2019 - 12:46

Objavljeno

24-08-2017 - 14:29