← voltar
CVE-2017-14316

CVE-2017-14316

EPSS 0.4%
A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://lists.debian.org/debian-lts-announce/2018/10/msg00009.htmlhttps://support.citrix.com/article/CTX227185https://www.debian.org/security/2017/dsa-4050http://www.securityfocus.com/bid/100818http://www.securitytracker.com/id/1039348http://xenbits.xen.org/xsa/advisory-231.html