Published: 18/10/2017 Updated: 19/10/2018

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

An issue exists in Xen up to and including 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen 4.9.0

An issue was discovered in Xen through 49x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory ...

Description of Problem A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM to compromise the host These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 72 The following vulnerabilities have been addres ...

CWE-200 https://xenbits.xen.org/xsa/advisory-239.html http://www.securitytracker.com/id/1039568 http://www.securityfocus.com/bid/101496 https://support.citrix.com/article/CTX228867 https://www.debian.org/security/2017/dsa-4050 https://security.gentoo.org/glsa/201801-14 https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-15589

CVE-2017-15589

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect