CVE-2017-10923
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2017-10923 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 7.7 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | None |
| Integrity Impact | None |
| Availability Impact | High |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 5 | xen | Not affected |
Acknowledgements
Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Julien Grall (ARM) as the original reporter.Mitigation
On systems where the guest kernel is controlled by the host rather than
guest administrator, running only kernels which only send sane IPIs
(i.e. targeting valid CPUs) will prevent untrusted guest users from
exploiting this issue. However untrusted guest administrators can
still trigger it unless further steps are taken to prevent them from
loading code into the kernel (e.g by disabling loadable modules etc) or
from using other mechanisms which allow them to run code at kernel
privilege.
External References
CVE description copyright © 2017, The MITRE Corporation
