CVE-2017-14319
HIGH
Xen < 4.9.0 - Grant Unmapping Page Table Desynchronization
Title source: llm
Description
A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account.
References (6)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039351
Vendor Advisory x_refsource_confirm
https://support.citrix.com/article/CTX227185
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2017/dsa-4050
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100819
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html
Patch, Vendor Advisory x_refsource_confirm
http://xenbits.xen.org/xsa/advisory-234.html
Scores
CVSS v3
8.8
EPSS
0.0004
EPSS Percentile
11.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
Status
published
Products (1)
xen/xen
< 4.9.0
Published
Sep 12, 2017
Tracked Since
Feb 18, 2026