CVE-2017-15589

LOW

Description

An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.

References

http://www.securityfocus.com/bid/101496

http://www.securitytracker.com/id/1039568

https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html

https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html

https://security.gentoo.org/glsa/201801-14

https://support.citrix.com/article/CTX228867

https://www.debian.org/security/2017/dsa-4050

https://xenbits.xen.org/xsa/advisory-239.html

Details

Source: MITRE

Published: 2017-10-18

Updated: 2018-10-19

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Impact Score: 4

Exploitability Score: 2

Severity: MEDIUM

Tenable Plugins

View all (26 total)

ID	Name	Product	Family	Severity
118215	Debian DLA-1549-1 : xen security update	Nessus	Debian Local Security Checks	high
111992	OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre)	Nessus	OracleVM Local Security Checks	critical
106038	GLSA-201801-14 : Xen: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
105971	Fedora 27 : xen (2017-c432db2971)	Nessus	Fedora Local Security Checks	high
104819	Debian DSA-4050-1 : xen - security update	Nessus	Debian Local Security Checks	high
104708	Debian DLA-1181-1 : xen security update	Nessus	Debian Local Security Checks	high
104349	openSUSE Security Update : xen (openSUSE-2017-1239)	Nessus	SuSE Local Security Checks	high
104347	Fedora 25 : xen (2017-d4709b0d8b)	Nessus	Fedora Local Security Checks	high
104310	Fedora 26 : xen (2017-5bcddc1984)	Nessus	Fedora Local Security Checks	high
104255	SUSE SLES12 Security Update : xen (SUSE-SU-2017:2873-1)	Nessus	SuSE Local Security Checks	high
104252	SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:2864-1)	Nessus	SuSE Local Security Checks	high
104249	OracleVM 3.4 : xen (OVMSA-2017-0166)	Nessus	OracleVM Local Security Checks	high
104209	SUSE SLES12 Security Update : xen (SUSE-SU-2017:2856-1)	Nessus	SuSE Local Security Checks	high
104201	OracleVM 3.2 / 3.3 / 3.4 : xen (OVMSA-2017-0162)	Nessus	OracleVM Local Security Checks	high
104099	SUSE SLES11 Security Update : xen (SUSE-SU-2017:2815-1)	Nessus	SuSE Local Security Checks	high
104098	SUSE SLES11 Security Update : xen (SUSE-SU-2017:2812-1)	Nessus	SuSE Local Security Checks	high
104085	openSUSE Security Update : xen (openSUSE-2017-1181)	Nessus	SuSE Local Security Checks	high
103979	Xen Hypervisor New CPU Interrupt Descriptor Table (IDT) Copy Handling Guest-to-Host Privilege Escalation (XSA-244)	Nessus	Misc.	high
103978	Xen Hypervisor Translated Guest Self-linear Shadow Mapping Handling Guest-to-Host Privilege Escalation (XSA-243)	Nessus	Misc.	high
103977	Xen Hypervisor Page Type Reference Handling Memory Exhaustion Guest-to-Host DoS (XSA-242)	Nessus	Misc.	high
103976	Xen Hypervisor TLB Flush Request Handling Race Condition System Memory Access Guest-to-Host Privilege Escalation (XSA-241)	Nessus	Misc.	high
103975	Xen Hypervisor Pagetable De-typing Recursion Handling Guest-to-Host DoS (XSA-240)	Nessus	Misc.	high
103974	Xen Hypervisor I/O Intercept Code Hypervisor Stack Guest-to-Host Information Disclosure (XSA-239)	Nessus	Misc.	high
103973	Xen Hypervisor Multiple Functions DMOP Handling Guest-to-Host DoS (XSA-238)	Nessus	Misc.	high
103972	Xen Hypervisor PCI MSI Interrupt Setup Multiple Guest-to-Host Privilege Escalation (XSA-237)	Nessus	Misc.	high
103927	Citrix XenServer Multiple Vulnerabilities (CTX228867)	Nessus	Misc.	high