CVE-2017-12855
MEDIUM
Xen 4.5-4.9 - Exposure of Sensitive Information via Grant Table Status Bits
Title source: llm
Description
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected.
References (5)
Core References
Vendor Advisory x_refsource_confirm
https://support.citrix.com/article/CTX225941
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039177
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100341
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-3969
Vendor Advisory x_refsource_confirm
http://xenbits.xen.org/xsa/advisory-230.html
Scores
CVSS v3: 6.5
EPSS: 0.0005
EPSS Percentile: 15.6%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Details
CWE: CWE-200
Status: published
Products (18)
xen/xen 4.5.0
xen/xen 4.5.1
xen/xen 4.5.2
xen/xen 4.5.3
xen/xen 4.5.5
xen/xen 4.6.0
xen/xen 4.6.1
xen/xen 4.6.3
xen/xen 4.6.4
xen/xen 4.6.5
... and 8 more
Published: Aug 15, 2017
Tracked Since: Feb 18, 2026