What is the severity of CVE-2017-12855?

CVE-2017-12855 is rated as a high severity vulnerability due to its potential impact on system security.

How do I fix CVE-2017-12855?

To fix CVE-2017-12855, users should update their Xen hypervisor to the latest patched version.

What are the affected versions for CVE-2017-12855?

CVE-2017-12855 affects Xen versions from 4.5.0 to 4.9.0.

What type of vulnerability is CVE-2017-12855?

CVE-2017-12855 is an issue related to improper handling of grant table modifications in the Xen hypervisor.

Can CVE-2017-12855 be exploited remotely?

Yes, CVE-2017-12855 can be exploited by an attacker with access to the guest environment.

Vulnerability/
CVE-2017-12855

medium

6.5

CWE

200

15/8/2017

5/8/2024

CVE-2017-12855: Infoleak

First published: Tue Aug 15 2017(Updated: )

Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Xen xen-unstable	=4.5.0
Xen xen-unstable	=4.5.1
Xen xen-unstable	=4.5.2
Xen xen-unstable	=4.5.3
Xen xen-unstable	=4.5.5
Xen xen-unstable	=4.6.0
Xen xen-unstable	=4.6.1
Xen xen-unstable	=4.6.3
Xen xen-unstable	=4.6.4
Xen xen-unstable	=4.6.5
Xen xen-unstable	=4.6.6
Xen xen-unstable	=4.7.0
Xen xen-unstable	=4.7.1
Xen xen-unstable	=4.7.2
Xen xen-unstable	=4.7.3
Xen xen-unstable	=4.8.0
Xen xen-unstable	=4.8.1
Xen xen-unstable	=4.9.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-12855?
CVE-2017-12855 is rated as a high severity vulnerability due to its potential impact on system security.
How do I fix CVE-2017-12855?
To fix CVE-2017-12855, users should update their Xen hypervisor to the latest patched version.
What are the affected versions for CVE-2017-12855?
CVE-2017-12855 affects Xen versions from 4.5.0 to 4.9.0.
What type of vulnerability is CVE-2017-12855?
CVE-2017-12855 is an issue related to improper handling of grant table modifications in the Xen hypervisor.
Can CVE-2017-12855 be exploited remotely?
Yes, CVE-2017-12855 can be exploited by an attacker with access to the guest environment.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/references
agent/severity
agent/last-modified-date
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/xen
canonical/xen xen-unstable
version/xen xen-unstable/4.5.0
version/xen xen-unstable/4.5.1
version/xen xen-unstable/4.5.2
version/xen xen-unstable/4.5.3
version/xen xen-unstable/4.5.5
version/xen xen-unstable/4.6.0
version/xen xen-unstable/4.6.1
version/xen xen-unstable/4.6.3
version/xen xen-unstable/4.6.4
version/xen xen-unstable/4.6.5
version/xen xen-unstable/4.6.6
version/xen xen-unstable/4.7.0
version/xen xen-unstable/4.7.1
version/xen xen-unstable/4.7.2
version/xen xen-unstable/4.7.3
version/xen xen-unstable/4.8.0
version/xen xen-unstable/4.8.1
version/xen xen-unstable/4.9.0