CVE-2017-10923

Impact:
Moderate
Public Date:
2017-06-20
Bugzilla:
1459515: CVE-2017-10923 xsa225 xen: arm: vgic: Out-of-bound access when sending SGIs (XSA-225)

The MITRE CVE dictionary describes this issue as:

Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225.

Find out more about CVE-2017-10923 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 7.7
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality None
Integrity Impact None
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 xen Not affected

Acknowledgements

Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Julien Grall (ARM) as the original reporter.

Mitigation

On systems where the guest kernel is controlled by the host rather than
guest administrator, running only kernels which only send sane IPIs
(i.e. targeting valid CPUs) will prevent untrusted guest users from
exploiting this issue. However untrusted guest administrators can
still trigger it unless further steps are taken to prevent them from
loading code into the kernel (e.g by disabling loadable modules etc) or
from using other mechanisms which allow them to run code at kernel
privilege.

External References

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.