{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-04T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://xenbits.xen.org/xsa/advisory-220.html"}, {"name": "GLSA-201708-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201708-03"}, {"name": "DSA-3969", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3969"}, {"name": "1038730", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038730"}, {"name": "99167", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99167"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-10916", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://xenbits.xen.org/xsa/advisory-220.html", "refsource": "CONFIRM", "url": "https://xenbits.xen.org/xsa/advisory-220.html"}, {"name": "GLSA-201708-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201708-03"}, {"name": "DSA-3969", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3969"}, {"name": "1038730", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038730"}, {"name": "99167", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99167"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:50:12.652Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://xenbits.xen.org/xsa/advisory-220.html"}, {"name": "GLSA-201708-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201708-03"}, {"name": "DSA-3969", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3969"}, {"name": "1038730", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038730"}, {"name": "99167", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99167"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-10916", "datePublished": "2017-07-05T01:00:00.000Z", "dateReserved": "2017-07-04T00:00:00.000Z", "dateUpdated": "2024-08-05T17:50:12.652Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "90CCECD0-C0F9-45A8-8699-64428637EBCA", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0ED340C-6746-471E-9F2D-19D62D224B7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "99BD7C4F-DE4C-4508-B20D-46A94B616C5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "3374F1FB-70F9-4EBC-837B-0D42282E3E5F", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "37DA3D28-EAE7-4EC9-977C-444A46CBD9C7", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B6F7CE9-C409-4D88-9A99-B21420633F45", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B814C381-4991-495A-B530-7543F977B346", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "6FE1F484-23B4-4CCC-AD23-6F8BDC312CE8", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "BBB7BAFE-9CB4-40D2-908C-55307728116F", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "6AD42E21-EA9E-41EB-AC7E-478CCEEEBA8D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FDFDDA0-51D2-4995-9B4D-48047C940FC5", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4447FA6-EDE7-4915-8238-2EA4CE782E96", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB6804DA-1A77-47BF-803A-30AC602F8A9B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220."}, {"lang": "es", "value": "La implementaci\u00f3n context-switch de vCPU en Xen hasta la versi\u00f3n 4.8.x, interact\u00faa inapropiadamente con las funcionalidades Memory Protection Extensions (MPX) y Protection Key (PKU), lo que facilita a los usuarios del sistema operativo invitado superar a la ASLR y a otros mecanismos de protecci\u00f3n, tambi\u00e9n se conoce como XSA-220."}], "id": "CVE-2017-10916", "lastModified": "2026-05-13T00:24:29.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-05T01:29:00.707", "references": [{"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3969"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/99167"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1038730"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201708-03"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Mitigation", "Vendor Advisory"], "url": "https://xenbits.xen.org/xsa/advisory-220.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3969"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/99167"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038730"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201708-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Mitigation", "Vendor Advisory"], "url": "https://xenbits.xen.org/xsa/advisory-220.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Andrew Cooper (Citrix) as the original reporter.", "bugzilla": {"description": "xen: x86: PKRU and BND* leakage between vCPU-s (XSA-220)", "id": "1458874", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458874"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.0", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:H", "status": "draft"}, "details": ["The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220."], "name": "CVE-2017-10916", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2017-06-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-10916\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10916\nhttp://xenbits.xen.org/xsa/advisory-220.html"], "threat_severity": "Important"}

{}