{"api_version":"1","generated_at":"2026-04-23T06:58:30+00:00","cve":"CVE-2017-15589","urls":{"html":"https://cve.report/CVE-2017-15589","api":"https://cve.report/api/cve/CVE-2017-15589.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-15589","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-15589"},"summary":{"title":"CVE-2017-15589","description":"An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2017-10-18 08:29:00","updated_at":"2018-10-19 10:29:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"https://xenbits.xen.org/xsa/advisory-239.html","name":"https://xenbits.xen.org/xsa/advisory-239.html","refsource":"CONFIRM","tags":["Mailing List","Mitigation","Patch","Vendor Advisory"],"title":"XSA-239 - Xen Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html","name":"[debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1549-1] xen security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html","name":"[debian-lts-announce] 20171120 [SECURITY] [DLA 1181-1] xen security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1181-1] xen security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201801-14","name":"GLSA-201801-14","refsource":"GENTOO","tags":[],"title":"Xen: Multiple vulnerabilities (GLSA 201801-14) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2017/dsa-4050","name":"DSA-4050","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4050-1 xen","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1039568","name":"1039568","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Xen Multiple Flaws on x86 Systems Let Local Guest System Users Obtain Memory Contents and Potentially Sensitive Information, Deny Service on the Host System, and Gain Elevated Privileges on the Host System - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.citrix.com/article/CTX228867","name":"https://support.citrix.com/article/CTX228867","refsource":"CONFIRM","tags":[],"title":"Citrix XenServer Multiple Security Updates","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/101496","name":"101496","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Xen CVE-2017-15589 Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-15589","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15589","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"15589","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"xen","cpe5":"xen","cpe6":"4.9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"15589","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"xen","cpe5":"xen","cpe6":"4.9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2017-15589","qid":"500819","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2017-15589","qid":"504562","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2017-15589","qid":"710266","title":"Gentoo Linux Xen Multiple Vulnerabilities (GLSA 201801-14)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-15589","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"[debian-lts-announce] 20171120 [SECURITY] [DLA 1181-1] xen security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html"},{"name":"101496","refsource":"BID","url":"http://www.securityfocus.com/bid/101496"},{"name":"https://xenbits.xen.org/xsa/advisory-239.html","refsource":"CONFIRM","url":"https://xenbits.xen.org/xsa/advisory-239.html"},{"name":"DSA-4050","refsource":"DEBIAN","url":"https://www.debian.org/security/2017/dsa-4050"},{"name":"https://support.citrix.com/article/CTX228867","refsource":"CONFIRM","url":"https://support.citrix.com/article/CTX228867"},{"name":"[debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html"},{"name":"GLSA-201801-14","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201801-14"},{"name":"1039568","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1039568"}]}},"nvd":{"publishedDate":"2017-10-18 08:29:00","lastModifiedDate":"2018-10-19 10:29:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2,"impactScore":4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:xen:xen:4.9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"15589","Ordinal":"113094","Title":"CVE-2017-15589","CVE":"CVE-2017-15589","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"15589","Ordinal":"1","NoteData":"An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"15589","Ordinal":"2","NoteData":"2017-10-18","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"15589","Ordinal":"3","NoteData":"2018-10-19","Type":"Other","Title":"Modified"}]}}}