Base Score

HIGH7.8

CVE-2017-17566

An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.

VectorLOCAL

Published Bycve@mitre.org

Published DateDec 12, 2017, 23:29

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

http://www.openwall.com/lists/oss-security/2017/12/12/4
http://www.securityfocus.com/bid/102167
http://www.securitytracker.com/id/1040768
https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html
https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html
https://security.gentoo.org/glsa/201801-14
https://support.citrix.com/article/CTX232096
https://www.debian.org/security/2018/dsa-4112
https://xenbits.xen.org/xsa/advisory-248.html

Base Score

HIGH7.8

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH