CVE-2017-14319

Sažetak

A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account.

Reference

http://www.securityfocus.com/bid/100819
http://www.securitytracker.com/id/1039351
http://xenbits.xen.org/xsa/advisory-234.html
https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html
https://support.citrix.com/article/CTX227185
https://www.debian.org/security/2017/dsa-4050

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

03-10-2019 - 00:03

Objavljeno

12-09-2017 - 15:29