CVE-2017-10916
N/A
N/A
Summary
The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://xenbits.xen.org/xsa/advisory-220.html
- https://security.gentoo.org/glsa/201708-03
- http://www.debian.org/security/2017/dsa-3969
- http://www.securitytracker.com/id/1038730
- http://www.securityfocus.com/bid/99167
References
- https://xenbits.xen.org/xsa/advisory-220.html
- https://security.gentoo.org/glsa/201708-03
- http://www.debian.org/security/2017/dsa-3969
- http://www.securitytracker.com/id/1038730
- http://www.securityfocus.com/bid/99167
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.