Vulnerability Name: CVE-2017-10921 (CCN-128181)

Assigned: 2017-06-20
Published: 2017-06-20
Updated: 2019-10-03
Summary: The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2.

CVSS v3 Severity:
10.0 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
8.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Changed
Impact Metrics:
Confidentiality (C): High
Integrity (I): High
Availability (A): High

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
8.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Changed
Impact Metrics:
Confidentiality (C): High
Integrity (I): High
Availability (A): High

CVSS v2 Severity:
10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2017-10921

Source: DEBIAN
Type: UNKNOWN
DSA-3969

Source: SECTRACK
Type: UNKNOWN
1038734

Source: CCN
Type: Xen Security Advisory XSA-224
grant table operations mishandle reference counts

Source: XF
Type: UNKNOWN
xen-cve201710921-priv-esc(128181)

Source: GENTOO
Type: UNKNOWN
GLSA-201708-03

Source: GENTOO
Type: UNKNOWN
GLSA-201710-17

Source: CONFIRM
Type: Patch, Vendor Advisory
https://xenbits.xen.org/xsa/advisory-224.html

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:xen:xen:*:*:*:*:*:*:*:* (Version <= 4.8.1)

Configuration CCN 1:
  • cpe:/a:xensource:xen:4.5:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:4.6:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:4.7:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:4.8:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:55523 | P | Security update for sudo (Moderate) | 2023-03-29 |
| oval:org.opensuse.security:def:201710921 | V | CVE-2017-10921 | 2022-05-20 |
| oval:org.opensuse.security:def:55285 | P | Security update for log4j (Important) | 2021-12-17 |
| oval:org.opensuse.security:def:39388 | P | Security update for postgresql10 (Important) | 2021-11-17 |
| oval:org.opensuse.security:def:55968 | P | Security update for pcre (Moderate) | 2021-11-10 |
| oval:org.opensuse.security:def:41166 | P | Security update for MozillaFirefox, rust-cbindgen (Important) | 2021-10-18 |
| oval:org.opensuse.security:def:40071 | P | Security update for cpio (Important) | 2021-08-23 |
| oval:org.opensuse.security:def:20492 | P | Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP5) (Important) | 2021-08-17 |
| oval:org.opensuse.security:def:14954 | P | libXdmcp6-1.1.1-12.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:15145 | P | perl-DBD-mysql-4.021-12.5.2 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14994 | P | libgcab-1_0-0-0.6-1.2 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14839 | P | automake-1.13.4-6.2 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:15121 | P | minicom-2.7-3.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14943 | P | libFLAC++6-1.3.0-11.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:15159 | P | python-PyYAML-3.12-26.6.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:15101 | P | libvte9-0.28.2-19.7 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14946 | P | libIlmImf-Imf_2_1-21-2.1.0-6.13.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14873 | P | dosfstools-3.0.26-6.5 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:15234 | P | yast2-users-3.2.19-1.16 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:15132 | P | ovmf-2017+git1510945757.b2662641d5-3.16.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:15050 | P | libpcsclite1-1.8.10-7.6.3 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14847 | P | busybox-1.21.1-3.3 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:15218 | P | wget-1.14-21.10.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:15038 | P | libnm-glib-vpn1-1.0.12-13.12.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:14980 | P | libcares2-1.9.1-9.4.1 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:15207 | P | transfig-3.2.5e-2.3.2 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:15014 | P | libjpeg-turbo-1.5.3-31.14.2 on GA media (Moderate) | 2021-08-16 |
| oval:org.opensuse.security:def:19517 | P | Security update for the Linux Kernel (Important) | 2021-07-22 |
| oval:org.opensuse.security:def:20466 | P | Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP5) (Important) | 2021-07-14 |
| oval:org.opensuse.security:def:41897 | P | Security update for xorg-x11-libX11 (Important) | 2021-06-15 |
| oval:org.opensuse.security:def:15325 | P | ibus-chewing-1.4.14-4.11 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:15314 | P | gpg2-2.0.24-3.2 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:42615 | P | libpixman-1-0-0.24.4-0.15.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:15872 | P | nut-cgi-2.7.1-4.84 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:42660 | P | openCryptoki-3.2-0.11.26 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:15895 | P | udisks2-devel-2.1.3-1.14 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:15979 | P | libXext-devel-1.3.2-3.60 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:56031 | P | Security update for spice (Important) | 2021-06-08 |
| oval:org.opensuse.security:def:15266 | P | coolkey-1.1.0-147.67 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:15341 | P | libQt5WebKit5-5.6.1-9.4 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:15239 | P | DirectFB-1.7.1-6.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:16002 | P | libcurl-devel-7.37.0-28.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:38798 | P | Security update for curl (Moderate) | 2021-05-26 |
| oval:org.opensuse.security:def:56981 | P | Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important) | 2021-04-28 |
| oval:org.opensuse.security:def:55858 | P | Security update for openldap2 (Important) | 2021-03-03 |
| oval:org.opensuse.security:def:55123 | P | Security update for python-cryptography (Moderate) | 2020-12-04 |
| oval:org.opensuse.security:def:41929 | P | apache2-2.2.10-2.24.5 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:41974 | P | java-1_4_2-ibm-1.4.2_sr13.3-1.1.1 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:55122 | P | Security update for gdm (Important) | 2020-12-03 |
| oval:org.opensuse.security:def:41977 | P | kdebase3-runtime-3.5.10-20.31 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:41926 | P | PackageKit-0.3.14-2.12.105 on GA media (Moderate) | 2020-12-03 |
| oval:org.opensuse.security:def:39213 | P | libstaroffice-0_0-0 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:40113 | P | Security update for xen (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:38463 | P | python-pywbem on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:40594 | P | Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP1) (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:39253 | P | Security update for python-Jinja2 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:19330 | P | Security update for LibVNCServer (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:55620 | P | Security update for krb5 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:41852 | P | Security update for gdk-pixbuf (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:18687 | P | Security update for ImageMagick (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:38856 | P | libIlmImf-Imf_2_1-21-32bit on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:41114 | P | Security update for java-1_8_0-ibm (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:19142 | P | Security update for php72 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:38581 | P | dovecot22 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:41389 | P | Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP3) (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:56588 | P | Security update for python3 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:19015 | P | Security update for the Linux Kernel (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:56527 | P | Security update for the Linux Kernel (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:19806 | P | Security update for xen (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:41024 | P | Security update for sqlite3 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:19459 | P | Security update for flac (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:39053 | P | libwmf-0_2-7 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:40442 | P | Security update for sqlite3 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:55802 | P | Security update for giflib (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:39214 | P | libtag1-32bit on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:41291 | P | Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP3) (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:55480 | P | Security update for compat-openssl098 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:19734 | P | Security update for libnettle (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:56900 | P | Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:18652 | P | Security update for exiv2 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:41050 | P | Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:19118 | P | Security update for webkit2gtk3 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:38570 | P | cups-filters on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:41280 | P | Security update for MozillaFirefox (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:56303 | P | Security update for mariadb (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:39360 | P | Security update for the Linux Kernel (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:38462 | P | python-pyOpenSSL on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:18903 | P | Security update for mariadb (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:56453 | P | Security update for xen (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:19373 | P | Security update for php7 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:38963 | P | libfbembed2_5 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:41800 | P | Security update for libpng16 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:19828 | P | Security update for Linux Kernel Live Patch 22 for SLE 12 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:40350 | P | Security update for java-1_8_0-openjdk (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:55696 | P | Security update for java-1_7_0-openjdk (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:41240 | P | Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP3) (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:55458 | P | Security update for xen (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:19701 | P | Security update for Linux Kernel Live Patch 13 for SLE 12 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:56862 | P | Security update for java-1_7_0-openjdk (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:38695 | P | liblua5_2 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:40874 | P | Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:19106 | P | Security update for dovecot22 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:39964 | P | Security update for the Linux Kernel (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:41128 | P | Security update for java-1_8_0-openjdk (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:56137 | P | Security update for poppler (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:39321 | P | Security update for compat-openssl098 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:18865 | P | Security update for soundtouch (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:39165 | P | gimp on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:19338 | P | Security update for libreoffice (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:38905 | P | lcms on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:41736 | P | Security update for python (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:19804 | P | Security update for unrar (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:40339 | P | Security update for MozillaFirefox (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:41211 | P | Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:38569 | P | cups on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:19589 | P | Security update for libgcrypt (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:56788 | P | Security update for atftp (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:38558 | P | chrony on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:40772 | P | Security update for openssl (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:56361 | P | Security update for freetype2 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:39326 | P | Security update for compat-openssl098 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:41036 | P | Security update for icu (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:18831 | P | Security update for php7 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:39106 | P | libmikmod3 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:40006 | P | Security update for xen (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:55457 | P | Security update for libxml2 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:38802 | P | strongswan on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:41560 | P | Security update for webkit2gtk3 (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:19792 | P | Security update for the Linux Kernel (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:18644 | P | Security update for postgresql10 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:56646 | P | Security update for qemu (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:19551 | P | Security update for mutt (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:39272 | P | Security update for SLES 12-SP2 Docker image (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:38474 | P | rsyslog on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:40703 | P | Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:56253 | P | Security update for compat-openssl098 (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:39281 | P | Security update for docker-runc (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:41025 | P | Security update for xen (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:40338 | P | Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:18773 | P | Security update for audit (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:38946 | P | finch on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:19780 | P | Security update for quagga (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:38665 | P | libecpg6 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:41458 | P | Security update for libqt5-qtbase (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:56696 | P | Security update for drm (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:39433 | P | Security update for python-PyYAML (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:55145 | P | hplip on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:19048 | P | Security update for libseccomp (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:56565 | P | Security update for webkit2gtk3 (Important) | 2020-12-01 |
| oval:com.ubuntu.xenial:def:2017109210000000 | V | CVE-2017-10921 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-07-05 |
| oval:com.ubuntu.trusty:def:201710921000 | V | CVE-2017-10921 on Ubuntu 14.04 LTS (trusty) - medium. | 2017-07-04 |
| oval:com.ubuntu.xenial:def:201710921000 | V | CVE-2017-10921 on Ubuntu 16.04 LTS (xenial) - medium. | 2017-07-04 |