CVE-2017-12134

Published: Aug 24, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.0 / Impact: 6.0

Source: NVD

Description

The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.

Affected (7)

Products: Xen: Xen · Citrix: Xenserver

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xen Xen	All versions

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Citrix Xenserver	Version 6.0.2
Citrix Xenserver	Version 6.2.0
Citrix Xenserver	Version 6.5
Citrix Xenserver	Version 7.0
Citrix Xenserver	Version 7.1
Citrix Xenserver	Version 7.2

Related CWEs

Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

References (20)

http://www.debian.org/security/2017/dsa-3981

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2017/08/15/4

Source: cve@mitre.org

Mailing ListMitigationThird Party Advisory

http://www.securityfocus.com/bid/100343

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039176

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://xenbits.xen.org/xsa/advisory-229.html

Source: cve@mitre.org

MitigationPatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1477656

Source: cve@mitre.org

Issue TrackingMitigationPatchThird Party Advisory

https://security.gentoo.org/glsa/201801-14

Source: cve@mitre.org

https://support.citrix.com/article/CTX225941

Source: cve@mitre.org

PatchThird Party Advisory

https://usn.ubuntu.com/3655-1/

Source: cve@mitre.org

https://usn.ubuntu.com/3655-2/

Source: cve@mitre.org

http://www.debian.org/security/2017/dsa-3981

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2017/08/15/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListMitigationThird Party Advisory

http://www.securityfocus.com/bid/100343

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039176

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://xenbits.xen.org/xsa/advisory-229.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1477656

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMitigationPatchThird Party Advisory

https://security.gentoo.org/glsa/201801-14

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.citrix.com/article/CTX225941

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://usn.ubuntu.com/3655-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/3655-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.