← Back to CVEs

CVE-2017-14316

N/A

Description

A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array.

CVE Details

CVSS v3.1 ScoreN/A

Published9/12/2017

Last Modified4/20/2025

Sourcenvd

Honeypot Sightings0

Affected Products

xen:xen

Weaknesses (CWE)

CWE-125

References

http://www.securityfocus.com/bid/100818(cve@mitre.org)

http://www.securitytracker.com/id/1039348(cve@mitre.org)

http://xenbits.xen.org/xsa/advisory-231.html(cve@mitre.org)

https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html(cve@mitre.org)

https://support.citrix.com/article/CTX227185(cve@mitre.org)

https://www.debian.org/security/2017/dsa-4050(cve@mitre.org)

http://www.securityfocus.com/bid/100818(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id/1039348(af854a3a-2127-422b-91ae-364da2661108)

http://xenbits.xen.org/xsa/advisory-231.html(af854a3a-2127-422b-91ae-364da2661108)

https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html(af854a3a-2127-422b-91ae-364da2661108)

https://support.citrix.com/article/CTX227185(af854a3a-2127-422b-91ae-364da2661108)

https://www.debian.org/security/2017/dsa-4050(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.