Vulnerability Description
The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | <= 4.8.1 |
References
- http://www.debian.org/security/2017/dsa-3969
- http://www.securityfocus.com/bid/99411Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038722
- https://security.gentoo.org/glsa/201708-03
- https://security.gentoo.org/glsa/201710-17
- https://xenbits.xen.org/xsa/advisory-218.htmlMailing ListVendor Advisory
- http://www.debian.org/security/2017/dsa-3969
- http://www.securityfocus.com/bid/99411Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038722
- https://security.gentoo.org/glsa/201708-03
- https://security.gentoo.org/glsa/201710-17
- https://xenbits.xen.org/xsa/advisory-218.htmlMailing ListVendor Advisory
FAQ
What is CVE-2017-10913?
CVE-2017-10913 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privi...
How severe is CVE-2017-10913?
CVE-2017-10913 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-10913?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.