CVE-2017-10918 Information
Feb 14, 2021
cve
Description
Xen through 4.8.x does not validate memory allocations during certain P2M operations which allows guest OS users to obtain privileged host OS access aka XSA-222.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Reference
http://www.debian.org/security/2017/dsa-3969 http://www.securityfocus.com/bid/99161 http://www.securitytracker.com/id/1038732 https://security.gentoo.org/glsa/201708-03 https://security.gentoo.org/glsa/201710-17 https://xenbits.xen.org/xsa/advisory-222.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
CHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
10.0
Share on: