Vulnerability Description
A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | <= 4.9.0 |
References
- http://www.securityfocus.com/bid/100819Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039351Third Party AdvisoryVDB Entry
- http://xenbits.xen.org/xsa/advisory-234.htmlPatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html
- https://support.citrix.com/article/CTX227185
- https://www.debian.org/security/2017/dsa-4050
- http://www.securityfocus.com/bid/100819Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039351Third Party AdvisoryVDB Entry
- http://xenbits.xen.org/xsa/advisory-234.htmlPatchVendor Advisory
- https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html
- https://support.citrix.com/article/CTX227185
- https://www.debian.org/security/2017/dsa-4050
FAQ
What is CVE-2017-14319?
CVE-2017-14319 is a vulnerability with a CVSS score of 8.8 (HIGH). A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accoun...
How severe is CVE-2017-14319?
CVE-2017-14319 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-14319?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.