CVE-2017-14317 Information

Description

A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain a race in cxenstored may cause a double-free. The xenstored daemon may crash resulting in a DoS of any parts of the system relying on it (including domain creation / destruction ballooning device changes etc.).

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Reference

http://www.securityfocus.com/bid/100826 http://www.securitytracker.com/id/1039350 http://xenbits.xen.org/xsa/advisory-233.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://www.debian.org/security/2017/dsa-4050

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.6