CVE-2017-7228 - An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5

CVE-2017-7228

Summary

An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.

References

Vulnerable Configurations

cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

CWE-129

CAPEC

Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	97375
confirm	http://openwall.com/lists/oss-security/2017/04/04/3 http://xenbits.xen.org/xsa/advisory-212.html https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt
debian	DSA-3847
exploit-db	41870
misc	https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html
sectrack	1038223

Last major update

03-10-2019 - 00:03

Published

04-04-2017 - 14:59

Last modified

03-10-2019 - 00:03