CVE-2017-17044

Published: Nov 28, 2017 Last Modified: Mag 13, 2026 EU-VD ID: EUVD-2017-8213 Aliases: GSD-2017-17044
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,5
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: changed
Confidentiality: none
Integrity: none
Availability: high
MEDIUM 4,9
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: none
Availability: complete

Description

AI Translation Available

An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0005
Percentile
0,2th
Updated

EPSS Score Trend (Last 75 Days)

754

Improper Check for Unusual or Exceptional Conditions

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Availability
Potential Impacts:
Dos: Crash, Exit, Or Restart Unexpected State
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: Medium
View CWE Details
755

Improper Handling of Exceptional Conditions

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Other
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: Medium
View CWE Details
835

Loop with Unreachable Exit Condition ('Infinite Loop')

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Amplification
Applicable Platforms
All platforms may be affected
View CWE Details
Operating System

Xen by Xen

Product Information
Vendor Xen
Product Xen
Version Range Affected
To 4.9.1 (inclusive)
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://lists.debian.org/debian-lts-announce/2018/01/msg000…
https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html
https://lists.debian.org/debian-lts-announce/2018/10/msg000…
https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html
https://security.gentoo.org/glsa/201801-14
https://security.gentoo.org/glsa/201801-14
https://support.citrix.com/article/CTX230138
https://support.citrix.com/article/CTX230138
https://xenbits.xen.org/xsa/advisory-246.html
https://xenbits.xen.org/xsa/advisory-246.html
http://www.securityfocus.com/bid/102008
http://www.securityfocus.com/bid/102008
http://www.securityfocus.com/bid/102129
http://www.securityfocus.com/bid/102129
http://www.securityfocus.com/bid/105954
http://www.securityfocus.com/bid/105954
http://www.securitytracker.com/id/1039878
http://www.securitytracker.com/id/1039878
https://lists.debian.org/debian-lts-announce/2018/01/msg000…
https://lists.debian.org/debian-lts-announce/2018/01/msg00003.html
https://lists.debian.org/debian-lts-announce/2018/10/msg000…
https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html
https://security.gentoo.org/glsa/201801-14
https://security.gentoo.org/glsa/201801-14
https://support.citrix.com/article/CTX230138
https://support.citrix.com/article/CTX230138
https://xenbits.xen.org/xsa/advisory-246.html
https://xenbits.xen.org/xsa/advisory-246.html
http://www.securityfocus.com/bid/102008
http://www.securityfocus.com/bid/102008
http://www.securityfocus.com/bid/102129
http://www.securityfocus.com/bid/102129
http://www.securityfocus.com/bid/105954
http://www.securityfocus.com/bid/105954
http://www.securitytracker.com/id/1039878
http://www.securitytracker.com/id/1039878