CVE-2017-12136
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.
Una condición de carrera en el código de tabla de concesiones en Xen 4.6.x a 4.9.x permite que administradores invitados locales del sistema operativo provoquen una denegación de servicio (corrupción de lista libre y bloqueo del host) o que obtengan beneficios en el host mediante vectores que impliquen la gestión de lista libre de maptrack.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-08-01 CVE Reserved
- 2017-08-24 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/100346 | Third Party Advisory | |
| http://www.securitytracker.com/id/1039175 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/08/15/3 | 2019-05-06 | |
| http://xenbits.xen.org/xsa/advisory-228.html | 2019-05-06 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1477651 | 2019-05-06 | |
| https://support.citrix.com/article/CTX225941 | 2019-05-06 |
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3969 | 2019-05-06 | |
| https://security.gentoo.org/glsa/201801-14 | 2019-05-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.6.0 Search vendor "Xen" for product "Xen" and version "4.6.0" | - |
Affected
| ||||||
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.6.1 Search vendor "Xen" for product "Xen" and version "4.6.1" | - |
Affected
| ||||||
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.6.3 Search vendor "Xen" for product "Xen" and version "4.6.3" | - |
Affected
| ||||||
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.6.4 Search vendor "Xen" for product "Xen" and version "4.6.4" | - |
Affected
| ||||||
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.6.5 Search vendor "Xen" for product "Xen" and version "4.6.5" | - |
Affected
| ||||||
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.6.6 Search vendor "Xen" for product "Xen" and version "4.6.6" | - |
Affected
| ||||||
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.7.0 Search vendor "Xen" for product "Xen" and version "4.7.0" | - |
Affected
| ||||||
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.7.1 Search vendor "Xen" for product "Xen" and version "4.7.1" | - |
Affected
| ||||||
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.7.2 Search vendor "Xen" for product "Xen" and version "4.7.2" | - |
Affected
| ||||||
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.7.3 Search vendor "Xen" for product "Xen" and version "4.7.3" | - |
Affected
| ||||||
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.8.0 Search vendor "Xen" for product "Xen" and version "4.8.0" | - |
Affected
| ||||||
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.8.1 Search vendor "Xen" for product "Xen" and version "4.8.1" | - |
Affected
| ||||||
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.9.0 Search vendor "Xen" for product "Xen" and version "4.9.0" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 6.0.2 Search vendor "Citrix" for product "Xenserver" and version "6.0.2" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 6.2.0 Search vendor "Citrix" for product "Xenserver" and version "6.2.0" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 6.5 Search vendor "Citrix" for product "Xenserver" and version "6.5" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 7.0 Search vendor "Citrix" for product "Xenserver" and version "7.0" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 7.1 Search vendor "Citrix" for product "Xenserver" and version "7.1" | - |
Affected
| ||||||
| Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 7.2 Search vendor "Citrix" for product "Xenserver" and version "7.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||