{"api_version":"1","generated_at":"2026-05-13T18:45:59+00:00","cve":"CVE-2017-15593","urls":{"html":"https://cve.report/CVE-2017-15593","api":"https://cve.report/api/cve/CVE-2017-15593.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-15593","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-15593"},"summary":{"title":"CVE-2017-15593","description":"An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.","state":"PUBLISHED","assigner":"mitre","published_at":"2017-10-18 08:29:00","updated_at":"2025-04-20 01:37:25"},"problem_types":["CWE-772","n/a"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.9","severity":"","vector":"AV:L/AC:L/Au:N/C:N/I:N/A:C","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html","name":"https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] [DLA 1181-1] xen security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2017/dsa-4050","name":"https://www.debian.org/security/2017/dsa-4050","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-4050-1 xen","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://xenbits.xen.org/xsa/advisory-242.html","name":"https://xenbits.xen.org/xsa/advisory-242.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"],"title":"XSA-242 - Xen Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201801-14","name":"https://security.gentoo.org/glsa/201801-14","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Xen: Multiple vulnerabilities (GLSA 201801-14) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.citrix.com/article/CTX228867","name":"https://support.citrix.com/article/CTX228867","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Citrix XenServer Multiple Security Updates","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1039568","name":"http://www.securitytracker.com/id/1039568","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Xen Multiple Flaws on x86 Systems Let Local Guest System Users Obtain Memory Contents and Potentially Sensitive Information, Deny Service on the Host System, and Gain Elevated Privileges on the Host System - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html","name":"https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] [DLA 1559-1] xen security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-15593","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15593","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"15593","vulnerable":"1","versionEndIncluding":"4.9.0","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"xen","cpe5":"xen","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2017-15593","qid":"500819","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2017-15593","qid":"504562","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2017-15593","qid":"710266","title":"Gentoo Linux Xen Multiple Vulnerabilities (GLSA 201801-14)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T19:57:27.214Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html"},{"name":"[debian-lts-announce] 20171120 [SECURITY] [DLA 1181-1] xen security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html"},{"name":"DSA-4050","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"https://www.debian.org/security/2017/dsa-4050"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.citrix.com/article/CTX228867"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://xenbits.xen.org/xsa/advisory-242.html"},{"name":"GLSA-201801-14","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/201801-14"},{"name":"1039568","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1039568"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2017-10-18T00:00:00.000Z","descriptions":[{"lang":"en","value":"An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-30T09:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html"},{"name":"[debian-lts-announce] 20171120 [SECURITY] [DLA 1181-1] xen security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html"},{"name":"DSA-4050","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"https://www.debian.org/security/2017/dsa-4050"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.citrix.com/article/CTX228867"},{"tags":["x_refsource_CONFIRM"],"url":"https://xenbits.xen.org/xsa/advisory-242.html"},{"name":"GLSA-201801-14","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/201801-14"},{"name":"1039568","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1039568"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-15593","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html"},{"name":"[debian-lts-announce] 20171120 [SECURITY] [DLA 1181-1] xen security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html"},{"name":"DSA-4050","refsource":"DEBIAN","url":"https://www.debian.org/security/2017/dsa-4050"},{"name":"https://support.citrix.com/article/CTX228867","refsource":"CONFIRM","url":"https://support.citrix.com/article/CTX228867"},{"name":"https://xenbits.xen.org/xsa/advisory-242.html","refsource":"CONFIRM","url":"https://xenbits.xen.org/xsa/advisory-242.html"},{"name":"GLSA-201801-14","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201801-14"},{"name":"1039568","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1039568"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2017-15593","datePublished":"2017-10-18T08:00:00.000Z","dateReserved":"2017-10-18T00:00:00.000Z","dateUpdated":"2024-08-05T19:57:27.214Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2017-10-18 08:29:00","lastModifiedDate":"2025-04-20 01:37:25","problem_types":["CWE-772","n/a"],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2,"impactScore":4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.0","matchCriteriaId":"7F6BF42B-66A0-4659-9FDC-BE30CE3801CF"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"15593","Ordinal":"1","Title":"CVE-2017-15593","CVE":"CVE-2017-15593","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"15593","Ordinal":"1","NoteData":"An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.","Type":"Description","Title":"CVE-2017-15593"},{"CveYear":"2017","CveId":"15593","Ordinal":"2","NoteData":"2017-10-18","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"15593","Ordinal":"3","NoteData":"2018-10-30","Type":"Other","Title":"Modified"}]}}}