Published: 05/07/2017 Updated: 21/11/2024

The vCPU context-switch implementation in Xen up to and including 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen 4.5.0
xen xen 4.5.1
xen xen 4.5.2
xen xen 4.5.3
xen xen 4.5.5
xen xen 4.6.0
xen xen 4.6.1
xen xen 4.6.2
xen xen 4.6.4
xen xen 4.6.5
xen xen 4.7.1
xen xen 4.8.0
xen xen 4.8.1

The vCPU context-switch implementation in Xen through 48x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220 ...

CWE-200 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-10916 https://www.first.org/epss http://www.debian.org/security/2017/dsa-3969 http://www.securityfocus.com/bid/99167 http://www.securitytracker.com/id/1038730 https://security.gentoo.org/glsa/201708-03 https://xenbits.xen.org/xsa/advisory-220.html http://www.debian.org/security/2017/dsa-3969 http://www.securityfocus.com/bid/99167 http://www.securitytracker.com/id/1038730 https://security.gentoo.org/glsa/201708-03 https://xenbits.xen.org/xsa/advisory-220.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-10916

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect