QwikSec

Security Database

CVE

CWE

Training

CVE-2017-7228

Published: Apr 4, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

http://xenbits.xen.org/xsa/advisory-212.html

x_refsource_CONFIRM

http://openwall.com/lists/oss-security/2017/04/04/3

x_refsource_CONFIRM

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

exploit

x_refsource_EXPLOIT-DB

https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.