Vulnerability Monitor

CVE-2017-10916


The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.


Published

2017-07-05T01:29:00.707

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-200

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | xen | xen | 4.5.0 | Yes |
| Operating System | xen | xen | 4.5.1 | Yes |
| Operating System | xen | xen | 4.5.2 | Yes |
| Operating System | xen | xen | 4.5.3 | Yes |
| Operating System | xen | xen | 4.5.5 | Yes |
| Operating System | xen | xen | 4.6.0 | Yes |
| Operating System | xen | xen | 4.6.1 | Yes |
| Operating System | xen | xen | 4.6.2 | Yes |
| Operating System | xen | xen | 4.6.4 | Yes |
| Operating System | xen | xen | 4.6.5 | Yes |
| Operating System | xen | xen | 4.7.1 | Yes |
| Operating System | xen | xen | 4.8.0 | Yes |
| Operating System | xen | xen | 4.8.1 | Yes |

References