CVE-2017-14316

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-14316

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14316.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-14316

Downstream

ALPINE-CVE-2017-14316

DEBIAN-CVE-2017-14316

DLA-1132-1

DLA-1549-1

DSA-4050-1

SUSE-SU-2017:2420-1

SUSE-SU-2017:2450-1

SUSE-SU-2017:2466-1

SUSE-SU-2017:2519-1

SUSE-SU-2017:2541-1

SUSE-SU-2017:2611-1

UBUNTU-CVE-2017-14316

Related

Published

2017-09-12T15:29:00Z

Modified

2025-08-09T19:01:28Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A parameter verification issue was discovered in Xen through 4.9.x. The function alloc_heap_pages allows callers to specify the first NUMA node that should be used for allocations through the memflags parameter; the node is extracted using the MEMF_get_node macro. While the function checks to see if the special constant NUMA_NO_NODE is specified, it otherwise does not handle the case where node >= MAX_NUMNODES. This allows an out-of-bounds access to an internal array.

References

Affected packages