CVE-2017-15589

Impact:
Moderate
Public Date:
2017-10-12
Bugzilla:
1499819: CVE-2017-15589 xsa239 xen: hypervisor stack leak in x86 I/O intercept code (XSA-239)

The MITRE CVE dictionary describes this issue as:

An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.

Find out more about CVE-2017-15589 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 6.8
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Changed
Confidentiality High
Integrity Impact None
Availability Impact None

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 xen Will not fix

Acknowledgements

Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Roger Pau Monné (Citrix) as the original reporter.

External References

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.