CVE-2017-10915
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2017-10915 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 8.5 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity Impact | High |
| Availability Impact | High |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 5 | xen | Will not fix |
Acknowledgements
Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Andrew Cooper (Citrix) as the original reporter.Mitigation
Where the HVM guest is explicitly configured to use shadow paging (eg
via the `hap=0' xl domain configuration file parameter), changing to
HAP (eg by setting `hap=1') will avoid exposing the vulnerability to
those guests. HAP is the default (in upstream Xen), where the
hardware supports it; so this mitigation is only applicable if HAP has
been disabled by configuration.
(This mitigation is not applicable to PV guests.)
External References
CVE description copyright © 2017, The MITRE Corporation
