{"api_version":"1","generated_at":"2026-04-23T06:59:39+00:00","cve":"CVE-2017-15592","urls":{"html":"https://cve.report/CVE-2017-15592","api":"https://cve.report/api/cve/CVE-2017-15592.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-15592","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-15592"},"summary":{"title":"CVE-2017-15592","description":"An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2017-10-18 08:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["CWE-668"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/102129","name":"102129","refsource":"BID","tags":[],"title":"RETIRED: Citrix XenServer Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://support.citrix.com/article/CTX230138","name":"https://support.citrix.com/article/CTX230138","refsource":"CONFIRM","tags":[],"title":"Citrix XenServer Multiple Security Updates","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html","name":"[debian-lts-announce] 20171120 [SECURITY] [DLA 1181-1] xen security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1181-1] xen security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201801-14","name":"GLSA-201801-14","refsource":"GENTOO","tags":[],"title":"Xen: Multiple vulnerabilities (GLSA 201801-14) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2017/dsa-4050","name":"DSA-4050","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4050-1 xen","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://xenbits.xen.org/xsa/advisory-243.html","name":"https://xenbits.xen.org/xsa/advisory-243.html","refsource":"CONFIRM","tags":["Mitigation","Patch","Vendor Advisory"],"title":"XSA-243 - Xen Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html","name":"[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1559-1] xen security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1039568","name":"1039568","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Xen Multiple Flaws on x86 Systems Let Local Guest System Users Obtain Memory Contents and Potentially Sensitive Information, Deny Service on the Host System, and Gain Elevated Privileges on the Host System - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.citrix.com/article/CTX228867","name":"https://support.citrix.com/article/CTX228867","refsource":"CONFIRM","tags":[],"title":"Citrix XenServer Multiple Security Updates","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/101513","name":"101513","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Xen CVE-2017-15592 Denial of Service Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-15592","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15592","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"15592","vulnerable":"1","versionEndIncluding":"4.9.0","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"xen","cpe5":"xen","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2017-15592","qid":"500819","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2017-15592","qid":"504562","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2017-15592","qid":"710266","title":"Gentoo Linux Xen Multiple Vulnerabilities (GLSA 201801-14)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-15592","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://xenbits.xen.org/xsa/advisory-243.html","refsource":"CONFIRM","url":"https://xenbits.xen.org/xsa/advisory-243.html"},{"name":"[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html"},{"name":"[debian-lts-announce] 20171120 [SECURITY] [DLA 1181-1] xen security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html"},{"name":"101513","refsource":"BID","url":"http://www.securityfocus.com/bid/101513"},{"name":"DSA-4050","refsource":"DEBIAN","url":"https://www.debian.org/security/2017/dsa-4050"},{"name":"102129","refsource":"BID","url":"http://www.securityfocus.com/bid/102129"},{"name":"https://support.citrix.com/article/CTX228867","refsource":"CONFIRM","url":"https://support.citrix.com/article/CTX228867"},{"name":"GLSA-201801-14","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201801-14"},{"name":"1039568","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1039568"},{"name":"https://support.citrix.com/article/CTX230138","refsource":"CONFIRM","url":"https://support.citrix.com/article/CTX230138"}]}},"nvd":{"publishedDate":"2017-10-18 08:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["CWE-668"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2,"impactScore":6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"15592","Ordinal":"113097","Title":"CVE-2017-15592","CVE":"CVE-2017-15592","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"15592","Ordinal":"1","NoteData":"An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"15592","Ordinal":"2","NoteData":"2017-10-18","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"15592","Ordinal":"3","NoteData":"2018-10-30","Type":"Other","Title":"Modified"}]}}}