CVE-2017-15591

MEDIUM

Xen 4.5.x-4.9.x - Denial of Service via DMOP Map/Unmap Implementation

Title source: llm
STIX 2.1

Description

An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation.

References (2)

Core 2
Core References
Mailing List, Mitigation, Patch, Vendor Advisory x_refsource_confirm
https://xenbits.xen.org/xsa/advisory-238.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201801-14

Scores

CVSS v3 6.5
EPSS 0.0005
EPSS Percentile 16.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (18)
xen/xen 4.5.0
xen/xen 4.5.1
xen/xen 4.5.2
xen/xen 4.5.3
xen/xen 4.5.5
xen/xen 4.6.0
xen/xen 4.6.1
xen/xen 4.6.3
xen/xen 4.6.4
xen/xen 4.6.5
... and 8 more
Published Oct 18, 2017
Tracked Since Feb 18, 2026