CVE-2017-14316

A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

Information

Published : 2017-09-12 08:29

Updated : 2018-10-19 03:29


NVD link : CVE-2017-14316

Mitre link : CVE-2017-14316


JSON object : View

CWE
CWE-125

Out-of-bounds Read

Advertisement

dedicated server usa

Products Affected

xen

  • xen