vulnerability

Ubuntu: (CVE-2017-15597): xen vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Oct 30, 2017	Nov 19, 2024	Aug 19, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Oct 30, 2017

Added

Nov 19, 2024

Modified

Aug 19, 2025

Description

An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out.

Solution

ubuntu-upgrade-xen

References

CVE-2017-15597
https://attackerkb.com/topics/CVE-2017-15597
CWE-119
CWE-200
DEBIAN-DSA-4050
URL-https://www.cve.org/CVERecord?id=CVE-2017-15597
URL-https://xenbits.xen.org/xsa/advisory-236.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today