6.5

CVE-2017-15589

EPSS 0.09%
Veröffentlicht 18.10.2017 08:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xen ≫ Xen Version4.9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.272

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2	4	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://security.gentoo.org/glsa/201801-14

https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html

https://www.debian.org/security/2017/dsa-4050

http://www.securitytracker.com/id/1039568

Third Party Advisory

VDB Entry

https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html

https://support.citrix.com/article/CTX228867

http://www.securityfocus.com/bid/101496

Third Party Advisory

VDB Entry

https://xenbits.xen.org/xsa/advisory-239.html

Patch

Vendor Advisory

Mailing List

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2017-15589

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-15589

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-15589

EUVD