CVE-2017-15589
Summary
| CVE | CVE-2017-15589 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-10-18 08:29:00 UTC |
| Updated | 2018-10-19 10:29:00 UTC |
| Description | An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory. |
Risk And Classification
Problem Types: CWE-200
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| XSA-239 - Xen Security Advisories | CONFIRM | xenbits.xen.org | Mailing List, Mitigation, Patch, Vendor Advisory |
| [SECURITY] [DLA 1549-1] xen security update | MLIST | lists.debian.org | |
| [SECURITY] [DLA 1181-1] xen security update | MLIST | lists.debian.org | |
| Xen: Multiple vulnerabilities (GLSA 201801-14) — Gentoo security | GENTOO | security.gentoo.org | |
| Debian -- Security Information -- DSA-4050-1 xen | DEBIAN | www.debian.org | |
| Xen Multiple Flaws on x86 Systems Let Local Guest System Users Obtain Memory Contents and Potentially Sensitive Information, Deny Service on the Host System, and Gain Elevated Privileges on the Host System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Citrix XenServer Multiple Security Updates | CONFIRM | support.citrix.com | |
| Xen CVE-2017-15589 Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.