Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-14316

Опубликовано: 12 сент. 2017
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.2
CVSS3: 8.8

Описание

A parameter verification issue was discovered in Xen through 4.9.x. The function alloc_heap_pages allows callers to specify the first NUMA node that should be used for allocations through the memflags parameter; the node is extracted using the MEMF_get_node macro. While the function checks to see if the special constant NUMA_NO_NODE is specified, it otherwise does not handle the case where node >= MAX_NUMNODES. This allows an out-of-bounds access to an internal array.

РелизСтатусПримечание
devel

released

4.9.0-0ubuntu3
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [4.4.2-0ubuntu0.14.04.14]]
esm-infra/xenial

released

4.6.5-0ubuntu1.4
precise/esm

DNE

trusty

released

4.4.2-0ubuntu0.14.04.14
trusty/esm

DNE

trusty was released [4.4.2-0ubuntu0.14.04.14]
upstream

needs-triage

vivid/ubuntu-core

DNE

xenial

released

4.6.5-0ubuntu1.4
zesty

released

4.8.0-1ubuntu2.4

Показывать по

Ссылки на источники

EPSS

Процентиль: 22%
0.00072
Низкий

7.2 High

CVSS2

8.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2017-14316

CVSS3: 8.8
redhat
больше 8 лет назад

A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array.

nvd логотип

CVE-2017-14316

CVSS3: 8.8
nvd
больше 8 лет назад

A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array.

debian логотип

CVE-2017-14316

CVSS3: 8.8
debian
больше 8 лет назад

A parameter verification issue was discovered in Xen through 4.9.x. Th ...

github логотип

GHSA-9pmq-32g5-2h85

CVSS3: 8.8
github
больше 3 лет назад

A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array.

fstec логотип

BDU:2017-02296

CVSS3: 8.8
fstec
больше 8 лет назад

Уязвимость функции alloc_heap_pages гипервизора Xen, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

EPSS

Процентиль: 22%
0.00072
Низкий

7.2 High

CVSS2

8.8 High

CVSS3