{"api_version":"1","generated_at":"2026-04-23T06:59:13+00:00","cve":"CVE-2017-15588","urls":{"html":"https://cve.report/CVE-2017-15588","api":"https://cve.report/api/cve/CVE-2017-15588.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-15588","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-15588"},"summary":{"title":"CVE-2017-15588","description":"An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2017-10-18 08:29:00","updated_at":"2018-10-19 10:29:00"},"problem_types":["CWE-362"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/101490","name":"101490","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Xen CVE-2017-15588 Arbitrary Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html","name":"[debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1549-1] xen security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html","name":"[debian-lts-announce] 20171120 [SECURITY] [DLA 1181-1] xen security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1181-1] xen security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://xenbits.xen.org/xsa/advisory-241.html","name":"https://xenbits.xen.org/xsa/advisory-241.html","refsource":"CONFIRM","tags":["Mailing List","Mitigation","Patch","Vendor Advisory"],"title":"XSA-241 - Xen Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201801-14","name":"GLSA-201801-14","refsource":"GENTOO","tags":[],"title":"Xen: Multiple vulnerabilities (GLSA 201801-14) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2017/dsa-4050","name":"DSA-4050","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4050-1 xen","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1039568","name":"1039568","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Xen Multiple Flaws on x86 Systems Let Local Guest System Users Obtain Memory Contents and Potentially Sensitive Information, Deny Service on the Host System, and Gain Elevated Privileges on the Host System - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.citrix.com/article/CTX228867","name":"https://support.citrix.com/article/CTX228867","refsource":"CONFIRM","tags":[],"title":"Citrix XenServer Multiple Security Updates","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-15588","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15588","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"15588","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"xen","cpe5":"xen","cpe6":"4.9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15588","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"xen","cpe5":"xen","cpe6":"4.9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2017-15588","qid":"500819","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2017-15588","qid":"504562","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2017-15588","qid":"710266","title":"Gentoo Linux Xen Multiple Vulnerabilities (GLSA 201801-14)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-15588","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"101490","refsource":"BID","url":"http://www.securityfocus.com/bid/101490"},{"name":"[debian-lts-announce] 20171120 [SECURITY] [DLA 1181-1] xen security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html"},{"name":"DSA-4050","refsource":"DEBIAN","url":"https://www.debian.org/security/2017/dsa-4050"},{"name":"https://support.citrix.com/article/CTX228867","refsource":"CONFIRM","url":"https://support.citrix.com/article/CTX228867"},{"name":"https://xenbits.xen.org/xsa/advisory-241.html","refsource":"CONFIRM","url":"https://xenbits.xen.org/xsa/advisory-241.html"},{"name":"[debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html"},{"name":"GLSA-201801-14","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201801-14"},{"name":"1039568","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1039568"}]}},"nvd":{"publishedDate":"2017-10-18 08:29:00","lastModifiedDate":"2018-10-19 10:29:00","problem_types":["CWE-362"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.1,"impactScore":6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":6.9},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:xen:xen:4.9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"15588","Ordinal":"113093","Title":"CVE-2017-15588","CVE":"CVE-2017-15588","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"15588","Ordinal":"1","NoteData":"An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"15588","Ordinal":"2","NoteData":"2017-10-18","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"15588","Ordinal":"3","NoteData":"2018-10-19","Type":"Other","Title":"Modified"}]}}}