CVE-2017-10916 — Sensitive Information Exposure in XEN

CWE-200 — Sensitive Information Exposure7 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 39.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedJul 5

Latest updateMay 17

Description

The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/xen< xen 4.8.1-1+deb9u3 (bookworm)

▶Debianxen/xen< 4.8.1-1+deb9u3+3

▶NVDxen/xen13 versions+12

🔴Vulnerability Details

GHSA

GHSA-vrf7-6p2g-pr3x: The vCPU context-switch implementation in Xen through 4↗2022-05-17

▶

OSV

CVE-2017-10916: The vCPU context-switch implementation in Xen through 4↗2017-07-05

▶

📋Vendor Advisories

Red Hat

xen: x86: PKRU and BND* leakage between vCPU-s (XSA-220)↗2017-06-20

▶

Debian

CVE-2017-10916: xen - The vCPU context-switch implementation in Xen through 4.8.x improperly interacts...↗2017

▶

💬Community

Bugzilla

CVE-2017-10911 CVE-2017-10912 CVE-2017-10913 CVE-2017-10914 CVE-2017-10915 CVE-2017-10916 CVE-2017-10918 CVE-2017-10919 CVE-2017-10920 CVE-2017-10921 CVE-2017-10922 CVE-2017-10923 xen: various flaws [↗2017-06-20

▶

Bugzilla

CVE-2017-10916 xsa220 xen: x86: PKRU and BND* leakage between vCPU-s (XSA-220)↗2017-06-05

▶