CVE-2017-12136

Published: Aug 24, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 1.1 / Impact: 6.0

Source: NVD

Description

Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.

Affected (21)

Products: Xen: Xen · Citrix: Xenserver · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Xen Xen	Version 4.6.0
Xen Xen	Version 4.6.1
Xen Xen	Version 4.6.3
Xen Xen	Version 4.6.4
Xen Xen	Version 4.6.5
Xen Xen	Version 4.6.6
Xen Xen	Version 4.7.0
Xen Xen	Version 4.7.1
Xen Xen	Version 4.7.2
Xen Xen	Version 4.7.3
Xen Xen	Version 4.8.0
Xen Xen	Version 4.8.1
Xen Xen	Version 4.9.0

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Citrix Xenserver	Version 6.0.2
Citrix Xenserver	Version 6.2.0
Citrix Xenserver	Version 6.5
Citrix Xenserver	Version 7.0
Citrix Xenserver	Version 7.1
Citrix Xenserver	Version 7.2

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (16)

http://www.debian.org/security/2017/dsa-3969

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2017/08/15/3

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/100346

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039175

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://xenbits.xen.org/xsa/advisory-228.html

Source: cve@mitre.org

PatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1477651

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://security.gentoo.org/glsa/201801-14

Source: cve@mitre.org

Third Party Advisory

https://support.citrix.com/article/CTX225941

Source: cve@mitre.org

PatchThird Party Advisory

http://www.debian.org/security/2017/dsa-3969

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2017/08/15/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/100346

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039175

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://xenbits.xen.org/xsa/advisory-228.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1477651

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://security.gentoo.org/glsa/201801-14

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.citrix.com/article/CTX225941

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.