Vulnerability Name:

CVE-2017-10922 (CCN-128182)

Assigned:2017-06-20
Published:2017-06-20
Updated:2017-11-04
Summary:The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-400
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2017-10922

Source: DEBIAN
Type: UNKNOWN
DSA-3969

Source: SECTRACK
Type: UNKNOWN
1038734

Source: CCN
Type: Xen Security Advisory XSA-224
grant table operations mishandle reference counts

Source: XF
Type: UNKNOWN
xen-cve201710922-dos(128182)

Source: GENTOO
Type: UNKNOWN
GLSA-201708-03

Source: GENTOO
Type: UNKNOWN
GLSA-201710-17

Source: CONFIRM
Type: Patch, Vendor Advisory
https://xenbits.xen.org/xsa/advisory-224.html

Vulnerable Configuration:Configuration 1:
  • cpe:/o:xen:xen:*:*:*:*:*:*:*:* (Version <= 4.8.1)

  • Configuration CCN 1:
  • cpe:/a:xensource:xen:4.5:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:4.6:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:4.7:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:4.8:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:55523
    P
    Security update for sudo (Moderate)
    2023-03-29
    oval:org.opensuse.security:def:201710922
    V
    CVE-2017-10922
    2022-05-20
    oval:org.opensuse.security:def:55285
    P
    Security update for log4j (Important)
    2021-12-17
    oval:org.opensuse.security:def:39388
    P
    Security update for postgresql10 (Important)
    2021-11-17
    oval:org.opensuse.security:def:55968
    P
    Security update for pcre (Moderate)
    2021-11-10
    oval:org.opensuse.security:def:41166
    P
    Security update for MozillaFirefox, rust-cbindgen (Important)
    2021-10-18
    oval:org.opensuse.security:def:40071
    P
    Security update for cpio (Important)
    2021-08-23
    oval:org.opensuse.security:def:20492
    P
    Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP5) (Important)
    2021-08-17
    oval:org.opensuse.security:def:14954
    P
    libXdmcp6-1.1.1-12.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:15145
    P
    perl-DBD-mysql-4.021-12.5.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14994
    P
    libgcab-1_0-0-0.6-1.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14839
    P
    automake-1.13.4-6.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:15121
    P
    minicom-2.7-3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14943
    P
    libFLAC++6-1.3.0-11.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:15159
    P
    python-PyYAML-3.12-26.6.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:15101
    P
    libvte9-0.28.2-19.7 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14946
    P
    libIlmImf-Imf_2_1-21-2.1.0-6.13.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14873
    P
    dosfstools-3.0.26-6.5 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:15234
    P
    yast2-users-3.2.19-1.16 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:15132
    P
    ovmf-2017+git1510945757.b2662641d5-3.16.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:15050
    P
    libpcsclite1-1.8.10-7.6.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14847
    P
    busybox-1.21.1-3.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:15218
    P
    wget-1.14-21.10.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:15038
    P
    libnm-glib-vpn1-1.0.12-13.12.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14980
    P
    libcares2-1.9.1-9.4.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:15207
    P
    transfig-3.2.5e-2.3.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:15014
    P
    libjpeg-turbo-1.5.3-31.14.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:19517
    P
    Security update for the Linux Kernel (Important)
    2021-07-22
    oval:org.opensuse.security:def:20466
    P
    Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP5) (Important)
    2021-07-14
    oval:org.opensuse.security:def:41897
    P
    Security update for xorg-x11-libX11 (Important)
    2021-06-15
    oval:org.opensuse.security:def:15325
    P
    ibus-chewing-1.4.14-4.11 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:15314
    P
    gpg2-2.0.24-3.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42615
    P
    libpixman-1-0-0.24.4-0.15.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:15872
    P
    nut-cgi-2.7.1-4.84 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42660
    P
    openCryptoki-3.2-0.11.26 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:15895
    P
    udisks2-devel-2.1.3-1.14 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:15979
    P
    libXext-devel-1.3.2-3.60 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:56031
    P
    Security update for spice (Important)
    2021-06-08
    oval:org.opensuse.security:def:15266
    P
    coolkey-1.1.0-147.67 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:15341
    P
    libQt5WebKit5-5.6.1-9.4 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:15239
    P
    DirectFB-1.7.1-6.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:16002
    P
    libcurl-devel-7.37.0-28.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:38798
    P
    Security update for curl (Moderate)
    2021-05-26
    oval:org.opensuse.security:def:56981
    P
    Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)
    2021-04-28
    oval:org.opensuse.security:def:55858
    P
    Security update for openldap2 (Important)
    2021-03-03
    oval:org.opensuse.security:def:55123
    P
    Security update for python-cryptography (Moderate)
    2020-12-04
    oval:org.opensuse.security:def:41929
    P
    apache2-2.2.10-2.24.5 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:41974
    P
    java-1_4_2-ibm-1.4.2_sr13.3-1.1.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:55122
    P
    Security update for gdm (Important)
    2020-12-03
    oval:org.opensuse.security:def:41977
    P
    kdebase3-runtime-3.5.10-20.31 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:41926
    P
    PackageKit-0.3.14-2.12.105 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:39213
    P
    libstaroffice-0_0-0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:40113
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:38463
    P
    python-pywbem on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:40594
    P
    Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP1) (Important)
    2020-12-01
    oval:org.opensuse.security:def:39253
    P
    Security update for python-Jinja2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:19330
    P
    Security update for LibVNCServer (Important)
    2020-12-01
    oval:org.opensuse.security:def:55620
    P
    Security update for krb5 (Important)
    2020-12-01
    oval:org.opensuse.security:def:41852
    P
    Security update for gdk-pixbuf (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18687
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38856
    P
    libIlmImf-Imf_2_1-21-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:41114
    P
    Security update for java-1_8_0-ibm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:19142
    P
    Security update for php72 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38581
    P
    dovecot22 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:41389
    P
    Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP3) (Important)
    2020-12-01
    oval:org.opensuse.security:def:56588
    P
    Security update for python3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:19015
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:56527
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:19806
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:41024
    P
    Security update for sqlite3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:19459
    P
    Security update for flac (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:39053
    P
    libwmf-0_2-7 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:40442
    P
    Security update for sqlite3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:55802
    P
    Security update for giflib (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:39214
    P
    libtag1-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:41291
    P
    Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP3) (Important)
    2020-12-01
    oval:org.opensuse.security:def:55480
    P
    Security update for compat-openssl098 (Important)
    2020-12-01
    oval:org.opensuse.security:def:19734
    P
    Security update for libnettle (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56900
    P
    Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (Important)
    2020-12-01
    oval:org.opensuse.security:def:18652
    P
    Security update for exiv2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:41050
    P
    Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important)
    2020-12-01
    oval:org.opensuse.security:def:19118
    P
    Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:38570
    P
    cups-filters on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:41280
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:56303
    P
    Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:39360
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:38462
    P
    python-pyOpenSSL on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18903
    P
    Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:56453
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:19373
    P
    Security update for php7 (Important)
    2020-12-01
    oval:org.opensuse.security:def:38963
    P
    libfbembed2_5 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:41800
    P
    Security update for libpng16 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:19828
    P
    Security update for Linux Kernel Live Patch 22 for SLE 12 (Important)
    2020-12-01
    oval:org.opensuse.security:def:40350
    P
    Security update for java-1_8_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:55696
    P
    Security update for java-1_7_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:41240
    P
    Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP3) (Important)
    2020-12-01
    oval:org.opensuse.security:def:55458
    P
    Security update for xen (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:19701
    P
    Security update for Linux Kernel Live Patch 13 for SLE 12 (Important)
    2020-12-01
    oval:org.opensuse.security:def:56862
    P
    Security update for java-1_7_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:38695
    P
    liblua5_2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:40874
    P
    Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important)
    2020-12-01
    oval:org.opensuse.security:def:19106
    P
    Security update for dovecot22 (Important)
    2020-12-01
    oval:org.opensuse.security:def:39964
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:41128
    P
    Security update for java-1_8_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:56137
    P
    Security update for poppler (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:39321
    P
    Security update for compat-openssl098 (Important)
    2020-12-01
    oval:org.opensuse.security:def:18865
    P
    Security update for soundtouch (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:39165
    P
    gimp on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:19338
    P
    Security update for libreoffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38905
    P
    lcms on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:41736
    P
    Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:19804
    P
    Security update for unrar (Important)
    2020-12-01
    oval:org.opensuse.security:def:40339
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:41211
    P
    Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important)
    2020-12-01
    oval:org.opensuse.security:def:38569
    P
    cups on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:19589
    P
    Security update for libgcrypt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56788
    P
    Security update for atftp (Important)
    2020-12-01
    oval:org.opensuse.security:def:38558
    P
    chrony on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:40772
    P
    Security update for openssl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56361
    P
    Security update for freetype2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:39326
    P
    Security update for compat-openssl098 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:41036
    P
    Security update for icu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:18831
    P
    Security update for php7 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:39106
    P
    libmikmod3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:40006
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:55457
    P
    Security update for libxml2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38802
    P
    strongswan on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:41560
    P
    Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:19792
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:18644
    P
    Security update for postgresql10 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56646
    P
    Security update for qemu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:19551
    P
    Security update for mutt (Important)
    2020-12-01
    oval:org.opensuse.security:def:39272
    P
    Security update for SLES 12-SP2 Docker image (Important)
    2020-12-01
    oval:org.opensuse.security:def:38474
    P
    rsyslog on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:40703
    P
    Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) (Important)
    2020-12-01
    oval:org.opensuse.security:def:56253
    P
    Security update for compat-openssl098 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:39281
    P
    Security update for docker-runc (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:41025
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:40338
    P
    Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (Important)
    2020-12-01
    oval:org.opensuse.security:def:18773
    P
    Security update for audit (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38946
    P
    finch on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:19780
    P
    Security update for quagga (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38665
    P
    libecpg6 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:41458
    P
    Security update for libqt5-qtbase (Important)
    2020-12-01
    oval:org.opensuse.security:def:56696
    P
    Security update for drm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:39433
    P
    Security update for python-PyYAML (Important)
    2020-12-01
    oval:org.opensuse.security:def:55145
    P
    hplip on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:19048
    P
    Security update for libseccomp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56565
    P
    Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:com.ubuntu.xenial:def:2017109220000000
    V
    CVE-2017-10922 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-07-05
    oval:com.ubuntu.trusty:def:201710922000
    V
    CVE-2017-10922 on Ubuntu 14.04 LTS (trusty) - medium.
    2017-07-04
    oval:com.ubuntu.xenial:def:201710922000
    V
    CVE-2017-10922 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-07-04
    BACK
    xen xen *
    xensource xen 4.5
    xensource xen 4.6
    xensource xen 4.7
    xensource xen 4.8