CVE-2017-10916 | SynScan

Vulnerability Database

290,273

Total vulnerabilities in the database

CVE-2017-10916

The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.

Published: Jul 5, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-10916
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
xen / xen	4.6.0	4.6.0.x
xen / xen	4.5.5	4.5.5.x
xen / xen	4.6.4	4.6.4.x
xen / xen	4.7.1	4.7.1.x
xen / xen	4.5.2	4.5.2.x
xen / xen	4.6.1	4.6.1.x
xen / xen	4.8.0	4.8.0.x
xen / xen	4.5.3	4.5.3.x
xen / xen	4.6.2	4.6.2.x
xen / xen	4.8.1	4.8.1.x
xen / xen	4.5.1	4.5.1.x
xen / xen	4.5.0	4.5.0.x
xen / xen	4.6.5	4.6.5.x