QwikSec

Security Database

CVE

CWE

Training

CVE-2017-14316

Published: Sep 12, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

http://xenbits.xen.org/xsa/advisory-231.html

x_refsource_CONFIRM

https://support.citrix.com/article/CTX227185

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.