{"api_version":"1","generated_at":"2026-04-23T06:58:45+00:00","cve":"CVE-2017-15594","urls":{"html":"https://cve.report/CVE-2017-15594","api":"https://cve.report/api/cve/CVE-2017-15594.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-15594","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-15594"},"summary":{"title":"CVE-2017-15594","description":"An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2017-10-18 08:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://xenbits.xen.org/xsa/advisory-244.html","name":"https://xenbits.xen.org/xsa/advisory-244.html","refsource":"CONFIRM","tags":["Mitigation","Patch","Vendor Advisory"],"title":"XSA-244 - Xen Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201801-14","name":"GLSA-201801-14","refsource":"GENTOO","tags":[],"title":"Xen: Multiple vulnerabilities (GLSA 201801-14) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2017/dsa-4050","name":"DSA-4050","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4050-1 xen","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html","name":"[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1559-1] xen security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1039568","name":"1039568","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Xen Multiple Flaws on x86 Systems Let Local Guest System Users Obtain Memory Contents and Potentially Sensitive Information, Deny Service on the Host System, and Gain Elevated Privileges on the Host System - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.citrix.com/article/CTX228867","name":"https://support.citrix.com/article/CTX228867","refsource":"CONFIRM","tags":[],"title":"Citrix XenServer Multiple Security Updates","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-15594","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15594","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"15594","vulnerable":"1","versionEndIncluding":"4.9.0","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"xen","cpe5":"xen","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2017-15594","qid":"500819","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2017-15594","qid":"504562","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2017-15594","qid":"710266","title":"Gentoo Linux Xen Multiple Vulnerabilities (GLSA 201801-14)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-15594","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html"},{"name":"https://xenbits.xen.org/xsa/advisory-244.html","refsource":"CONFIRM","url":"https://xenbits.xen.org/xsa/advisory-244.html"},{"name":"DSA-4050","refsource":"DEBIAN","url":"https://www.debian.org/security/2017/dsa-4050"},{"name":"https://support.citrix.com/article/CTX228867","refsource":"CONFIRM","url":"https://support.citrix.com/article/CTX228867"},{"name":"GLSA-201801-14","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201801-14"},{"name":"1039568","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1039568"}]}},"nvd":{"publishedDate":"2017-10-18 08:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2,"impactScore":6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"15594","Ordinal":"113099","Title":"CVE-2017-15594","CVE":"CVE-2017-15594","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"15594","Ordinal":"1","NoteData":"An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"15594","Ordinal":"2","NoteData":"2017-10-18","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"15594","Ordinal":"3","NoteData":"2018-10-30","Type":"Other","Title":"Modified"}]}}}