UBUNTU-CVE-2017-12855

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2017-12855

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-12855.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-12855

Related

CVE-2017-12855

Published

2017-08-15T16:29:00Z

Modified

2017-08-15T16:29:00Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Xen maintains the GTF{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected.

References

Affected packages

Ubuntu:14.04:LTS / xen

Package

Name: xen
Purl: pkg:deb/ubuntu/xen@4.4.2-0ubuntu0.14.04.14?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.2-0ubuntu0.14.04.14

Affected versions

4.*

4.3.0-1ubuntu1

4.3.0-1ubuntu2

4.3.0-1ubuntu3

4.3.0-1ubuntu4

4.3.0-1ubuntu5

4.4.0-0ubuntu3

4.4.0-0ubuntu4

4.4.0-0ubuntu5

4.4.0-0ubuntu5.1

4.4.0-0ubuntu5.2

4.4.1-0ubuntu0.14.04.1

4.4.1-0ubuntu0.14.04.2

4.4.1-0ubuntu0.14.04.3

4.4.1-0ubuntu0.14.04.4

4.4.1-0ubuntu0.14.04.5

4.4.1-0ubuntu0.14.04.6

4.4.2-0ubuntu0.14.04.1

4.4.2-0ubuntu0.14.04.2

4.4.2-0ubuntu0.14.04.3

4.4.2-0ubuntu0.14.04.4

4.4.2-0ubuntu0.14.04.5

4.4.2-0ubuntu0.14.04.6

4.4.2-0ubuntu0.14.04.7

4.4.2-0ubuntu0.14.04.9

4.4.2-0ubuntu0.14.04.10

4.4.2-0ubuntu0.14.04.11

4.4.2-0ubuntu0.14.04.12

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "xenstore-utils-dbgsym": "4.4.2-0ubuntu0.14.04.14",
            "libxenstore3.0": "4.4.2-0ubuntu0.14.04.14",
            "libxen-4.4": "4.4.2-0ubuntu0.14.04.14",
            "libxenstore3.0-dbgsym": "4.4.2-0ubuntu0.14.04.14",
            "libxen-ocaml-dev": "4.4.2-0ubuntu0.14.04.14",
            "libxen-dev": "4.4.2-0ubuntu0.14.04.14",
            "xen-utils-4.4-dbgsym": "4.4.2-0ubuntu0.14.04.14",
            "xen-hypervisor-4.3-amd64": "4.4.2-0ubuntu0.14.04.14",
            "xen-hypervisor-4.3-armhf": "4.4.2-0ubuntu0.14.04.14",
            "xen-system-amd64": "4.4.2-0ubuntu0.14.04.14",
            "xen-hypervisor-4.4-arm64": "4.4.2-0ubuntu0.14.04.14",
            "libxen-ocaml": "4.4.2-0ubuntu0.14.04.14",
            "xenstore-utils": "4.4.2-0ubuntu0.14.04.14",
            "xen-system-armhf": "4.4.2-0ubuntu0.14.04.14",
            "xen-hypervisor-4.1-amd64": "4.4.2-0ubuntu0.14.04.14",
            "xen-hypervisor-4.4-armhf": "4.4.2-0ubuntu0.14.04.14",
            "xen-hypervisor-4.4-amd64": "4.4.2-0ubuntu0.14.04.14",
            "xen-utils-common": "4.4.2-0ubuntu0.14.04.14",
            "libxen-ocaml-dbgsym": "4.4.2-0ubuntu0.14.04.14",
            "xen-utils-4.4": "4.4.2-0ubuntu0.14.04.14",
            "libxen-4.4-dbgsym": "4.4.2-0ubuntu0.14.04.14",
            "xen-system-arm64": "4.4.2-0ubuntu0.14.04.14"
        }
    ]
}

Ubuntu:16.04:LTS / xen

Package

Name: xen
Purl: pkg:deb/ubuntu/xen@4.6.5-0ubuntu1.4?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.6.5-0ubuntu1.4

Affected versions

4.*

4.5.1-0ubuntu1

4.5.1-0ubuntu2

4.6.0-1ubuntu1

4.6.0-1ubuntu2

4.6.0-1ubuntu4

4.6.0-1ubuntu4.1

4.6.0-1ubuntu4.2

4.6.0-1ubuntu4.3

4.6.5-0ubuntu1

4.6.5-0ubuntu1.1

4.6.5-0ubuntu1.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "xen-hypervisor-4.6-armhf": "4.6.5-0ubuntu1.4",
            "libxenstore3.0": "4.6.5-0ubuntu1.4",
            "xenstore-utils-dbgsym": "4.6.5-0ubuntu1.4",
            "xen-hypervisor-4.5-armhf": "4.6.5-0ubuntu1.4",
            "libxenstore3.0-dbgsym": "4.6.5-0ubuntu1.4",
            "xen-hypervisor-4.5-amd64": "4.6.5-0ubuntu1.4",
            "xen-utils-4.6": "4.6.5-0ubuntu1.4",
            "libxen-dev": "4.6.5-0ubuntu1.4",
            "xen-system-amd64": "4.6.5-0ubuntu1.4",
            "xen-hypervisor-4.4-arm64": "4.6.5-0ubuntu1.4",
            "xenstore-utils": "4.6.5-0ubuntu1.4",
            "xen-system-armhf": "4.6.5-0ubuntu1.4",
            "xen-utils-common": "4.6.5-0ubuntu1.4",
            "libxen-4.6": "4.6.5-0ubuntu1.4",
            "xen-hypervisor-4.4-amd64": "4.6.5-0ubuntu1.4",
            "xen-hypervisor-4.6-amd64": "4.6.5-0ubuntu1.4",
            "xen-hypervisor-4.5-arm64": "4.6.5-0ubuntu1.4",
            "xen-utils-4.6-dbgsym": "4.6.5-0ubuntu1.4",
            "xen-hypervisor-4.4-armhf": "4.6.5-0ubuntu1.4",
            "xen-hypervisor-4.6-arm64": "4.6.5-0ubuntu1.4",
            "libxen-4.6-dbgsym": "4.6.5-0ubuntu1.4",
            "xen-system-arm64": "4.6.5-0ubuntu1.4"
        }
    ]
}