{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-24T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-236.html"}, {"name": "101564", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101564"}, {"name": "[oss-security] 20171024 Xen Security Advisory 236 (CVE-2017-15597) - pin count / page reference race in grant table code", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/10/24/3"}, {"name": "DSA-4050", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-4050"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.citrix.com/article/CTX229057"}, {"name": "1039653", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039653"}, {"name": "[debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15597", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://xenbits.xen.org/xsa/advisory-236.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-236.html"}, {"name": "101564", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101564"}, {"name": "[oss-security] 20171024 Xen Security Advisory 236 (CVE-2017-15597) - pin count / page reference race in grant table code", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/10/24/3"}, {"name": "DSA-4050", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4050"}, {"name": "https://support.citrix.com/article/CTX229057", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX229057"}, {"name": "1039653", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039653"}, {"name": "[debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:57:27.292Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://xenbits.xen.org/xsa/advisory-236.html"}, {"name": "101564", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101564"}, {"name": "[oss-security] 20171024 Xen Security Advisory 236 (CVE-2017-15597) - pin count / page reference race in grant table code", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/10/24/3"}, {"name": "DSA-4050", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-4050"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.citrix.com/article/CTX229057"}, {"name": "1039653", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039653"}, {"name": "[debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15597", "datePublished": "2017-10-30T14:00:00", "dateReserved": "2017-10-18T00:00:00", "dateUpdated": "2024-08-05T19:57:27.292Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:rc7:*:*:*:*:*:*", "matchCriteriaId": "4FE0E8DB-FAAA-4516-88F5-594F625A008C", "versionEndIncluding": "4.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out."}, {"lang": "es", "value": "Se ha descubierto un problema en Xen hasta las versiones 4.9.x. El c\u00f3digo copiado por la funci\u00f3n GRANT asum\u00eda que cualquier Grant Pin estar\u00eda acompa\u00f1ado de una referencia de p\u00e1gina adecuada. Sin embargo, otras fragmentos de c\u00f3digo no coincidieron con esta suposici\u00f3n. Cuando esta operaci\u00f3n de copia de autorizaci\u00f3n se realiza en una tabla grant de un dominio obsoleto, la suposici\u00f3n se vuelve err\u00f3nea. Un administrador invitado malicioso puede provocar la corrupci\u00f3n de la memoria del hipervisor, lo que probablemente resulte en el cierre inesperado del host y una denegaci\u00f3n de servicio. El escalado de privilegios y las fugas de informaci\u00f3n no pueden descartarse."}], "id": "CVE-2017-15597", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-30T14:29:00.847", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Mitigation", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/10/24/3"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101564"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039653"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-236.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://support.citrix.com/article/CTX229057"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2017/dsa-4050"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Mitigation", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/10/24/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101564"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039653"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-236.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://support.citrix.com/article/CTX229057"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2017/dsa-4050"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Pawel Wieczorkiewicz (Amazon) as the original reporter.", "bugzilla": {"description": "xen: pin count / page reference race in grant table code (XSA-236)", "id": "1499815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499815"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "status": "draft"}, "details": ["An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out."], "name": "CVE-2017-15597", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2017-10-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-15597\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15597\nhttp://xenbits.xen.org/xsa/advisory-236.html"], "threat_severity": "Moderate"}