Detections
Analytics

CVE-2017-15589

medium

Description

An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.

References

http://www.securitytracker.com/id/1039568

http://www.securityfocus.com/bid/101496

https://xenbits.xen.org/xsa/advisory-239.html

https://www.debian.org/security/2017/dsa-4050

https://support.citrix.com/article/CTX228867

https://security.gentoo.org/glsa/201801-14

https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html

https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html

Details

Source: Mitre, NVD

Published: 2017-10-18

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00079