Main Vulnerability Database SB2017091424

SB2017091424 - Memory leak in Xen

Published: September 14, 2017 Updated: August 8, 2020

Security Bulletin ID SB2017091424

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2017-14431)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207. A remote attacker can perform a denial of service attack.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://lists.debian.org/debian-lts-announce/2018/09/msg00006.html
https://xenbits.xen.org/xsa/advisory-207.html