AI Score: 9.1 (High), Confidence: High
EPSS: 0.005 (Low), Percentile: 75.7%
Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.
www.debian.org/security/2017/dsa-3969
www.securityfocus.com/bid/99157
www.securitytracker.com/id/1038731
security.gentoo.org/glsa/201708-03
xenbits.xen.org/xsa/advisory-221.html