Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2017-14318

Date: September 12, 2017

An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct.

Language: C

Severity Score

Related Resources (8)

https://support.citrix.com/article/CTX227185
http://www.securitytracker.com/id/1039349
https://nvd.nist.gov/vuln/detail/CVE-2017-14318
http://xenbits.xen.org/xsa/advisory-232.html
http://www.securityfocus.com/bid/100817
https://www.debian.org/security/2017/dsa-4050
https://access.redhat.com/security/cve/CVE-2017-14318
https://www.mend.io/vulnerability-database/CVE-2017-14318

Severity Score

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us