CVE-2017-10916

The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.debian.org/security/2017/dsa-3969
http://www.securityfocus.com/bid/99167
http://www.securitytracker.com/id/1038730
https://security.gentoo.org/glsa/201708-03
https://xenbits.xen.org/xsa/advisory-220.html	Mailing List Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:xen:xen:4.5.0:::::::*
	cpe:2.3:o:xen:xen:4.5.1:::::::*
	cpe:2.3:o:xen:xen:4.5.2:::::::*
	cpe:2.3:o:xen:xen:4.5.3:::::::*
	cpe:2.3:o:xen:xen:4.5.5:::::::*
	cpe:2.3:o:xen:xen:4.6.0:::::::*
	cpe:2.3:o:xen:xen:4.6.1:::::::*
	cpe:2.3:o:xen:xen:4.6.2:::::::*
	cpe:2.3:o:xen:xen:4.6.4:::::::*
	cpe:2.3:o:xen:xen:4.6.5:::::::*
	cpe:2.3:o:xen:xen:4.7.1:::::::*
	cpe:2.3:o:xen:xen:4.8.0:::::::*
	cpe:2.3:o:xen:xen:4.8.1:::::::*

History

No history.

Information

Published : 2017-07-05 01:29

Updated : 2024-02-04 19:29

NVD link : CVE-2017-10916

Mitre link : CVE-2017-10916

CVE.ORG link : CVE-2017-10916

JSON object : View

Products Affected

xen

xen

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2017-10916", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-07-05T01:29:00.707", "references": [{"url": "http://www.debian.org/security/2017/dsa-3969", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/99167", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1038730", "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/201708-03", "source": "cve@mitre.org"}, {"url": "https://xenbits.xen.org/xsa/advisory-220.html", "tags": ["Mailing List", "Mitigation", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220."}, {"lang": "es", "value": "La implementaci\u00f3n context-switch de vCPU en Xen hasta la versi\u00f3n 4.8.x, interact\u00faa inapropiadamente con las funcionalidades Memory Protection Extensions (MPX) y Protection Key (PKU), lo que facilita a los usuarios del sistema operativo invitado superar a la ASLR y a otros mecanismos de protecci\u00f3n, tambi\u00e9n se conoce como XSA-220."}], "lastModified": "2017-11-04T01:29:31.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90CCECD0-C0F9-45A8-8699-64428637EBCA"}, {"criteria": "cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0ED340C-6746-471E-9F2D-19D62D224B7A"}, {"criteria": "cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99BD7C4F-DE4C-4508-B20D-46A94B616C5B"}, {"criteria": "cpe:2.3:o:xen:xen:4.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3374F1FB-70F9-4EBC-837B-0D42282E3E5F"}, {"criteria": "cpe:2.3:o:xen:xen:4.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37DA3D28-EAE7-4EC9-977C-444A46CBD9C7"}, {"criteria": "cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B6F7CE9-C409-4D88-9A99-B21420633F45"}, {"criteria": "cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B814C381-4991-495A-B530-7543F977B346"}, {"criteria": "cpe:2.3:o:xen:xen:4.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FE1F484-23B4-4CCC-AD23-6F8BDC312CE8"}, {"criteria": "cpe:2.3:o:xen:xen:4.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBB7BAFE-9CB4-40D2-908C-55307728116F"}, {"criteria": "cpe:2.3:o:xen:xen:4.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AD42E21-EA9E-41EB-AC7E-478CCEEEBA8D"}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FDFDDA0-51D2-4995-9B4D-48047C940FC5"}, {"criteria": "cpe:2.3:o:xen:xen:4.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4447FA6-EDE7-4915-8238-2EA4CE782E96"}, {"criteria": "cpe:2.3:o:xen:xen:4.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB6804DA-1A77-47BF-803A-30AC602F8A9B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}