Vulnerability CVE-2017-10916

Vulnerability Name:

CVE-2017-10916 (CCN-127487)

Assigned:

2017-06-20

Published:

2017-06-20

Updated:

2017-11-04

Summary:

The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

7.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
6.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-200

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2017-10916

Source: DEBIAN
Type: UNKNOWN
DSA-3969

Source: BID
Type: UNKNOWN
99167

Source: CCN
Type: BID-99167
Xen XSA-220 Information Disclosure Vulnerability

Source: SECTRACK
Type: UNKNOWN
1038730

Source: CCN
Type: Xen Security Advisory XSA-220
x86: PKRU and BND leakage between vCPU-s

Source: XF
Type: UNKNOWN
xen-mpx-info-disc(127487)

Source: GENTOO
Type: UNKNOWN
GLSA-201708-03

Source: CONFIRM
Type: Mailing List, Mitigation, Vendor Advisory
https://xenbits.xen.org/xsa/advisory-220.html

Vulnerable Configuration:

Configuration 1:

cpe:/o:xen:xen:4.5.0:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.5.1:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.5.2:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.5.3:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.5.5:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.6.0:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.6.1:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.6.2:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.6.4:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.6.5:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.7.1:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.8.0:*:*:*:*:*:*:*

OR cpe:/o:xen:xen:4.8.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:xensource:xen:4.5:*:*:*:*:*:*:*

OR cpe:/a:xensource:xen:4.6:*:*:*:*:*:*:*

OR cpe:/a:xensource:xen:4.7:*:*:*:*:*:*:*

OR cpe:/a:xensource:xen:4.8:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:55523	P	Security update for sudo (Moderate)	2023-03-29
oval:org.opensuse.security:def:201710916	V	CVE-2017-10916	2022-05-20
oval:org.opensuse.security:def:55285	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:39388	P	Security update for postgresql10 (Important)	2021-11-17
oval:org.opensuse.security:def:55968	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:40071	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:20492	P	Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP5) (Important)	2021-08-17
oval:org.opensuse.security:def:14954	P	libXdmcp6-1.1.1-12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15101	P	libvte9-0.28.2-19.7 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14946	P	libIlmImf-Imf_2_1-21-2.1.0-6.13.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15050	P	libpcsclite1-1.8.10-7.6.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15145	P	perl-DBD-mysql-4.021-12.5.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14980	P	libcares2-1.9.1-9.4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:15121	P	minicom-2.7-3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:19517	P	Security update for the Linux Kernel (Important)	2021-07-22
oval:org.opensuse.security:def:20466	P	Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP5) (Important)	2021-07-14
oval:org.opensuse.security:def:41897	P	Security update for xorg-x11-libX11 (Important)	2021-06-15
oval:org.opensuse.security:def:15341	P	libQt5WebKit5-5.6.1-9.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15239	P	DirectFB-1.7.1-6.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15325	P	ibus-chewing-1.4.14-4.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:56031	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:42615	P	libpixman-1-0-0.24.4-0.15.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15314	P	gpg2-2.0.24-3.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42660	P	openCryptoki-3.2-0.11.26 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15979	P	libXext-devel-1.3.2-3.60 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15266	P	coolkey-1.1.0-147.67 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16002	P	libcurl-devel-7.37.0-28.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:56981	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:55858	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:55123	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:41926	P	PackageKit-0.3.14-2.12.105 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:55122	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:41977	P	kdebase3-runtime-3.5.10-20.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:19373	P	Security update for php7 (Important)	2020-12-01
oval:org.opensuse.security:def:41736	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:39053	P	libwmf-0_2-7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:41024	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:19551	P	Security update for mutt (Important)	2020-12-01
oval:org.opensuse.security:def:56862	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:56453	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:55620	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:19734	P	Security update for libnettle (Moderate)	2020-12-01
oval:org.opensuse.security:def:55145	P	hplip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56646	P	Security update for qemu (Moderate)	2020-12-01
oval:org.opensuse.security:def:41025	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:56137	P	Security update for poppler (Moderate)	2020-12-01
oval:org.opensuse.security:def:55696	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:39360	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:41280	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:56696	P	Security update for drm (Moderate)	2020-12-01
oval:org.opensuse.security:def:38665	P	libecpg6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56253	P	Security update for compat-openssl098 (Moderate)	2020-12-01
oval:org.opensuse.security:def:19338	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:41560	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:19828	P	Security update for Linux Kernel Live Patch 22 for SLE 12 (Important)	2020-12-01
oval:org.opensuse.security:def:38963	P	libfbembed2_5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56788	P	Security update for atftp (Important)	2020-12-01
oval:org.opensuse.security:def:39272	P	Security update for SLES 12-SP2 Docker image (Important)	2020-12-01
oval:org.opensuse.security:def:40113	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:55480	P	Security update for compat-openssl098 (Important)	2020-12-01
oval:org.opensuse.security:def:19701	P	Security update for Linux Kernel Live Patch 13 for SLE 12 (Important)	2020-12-01
oval:org.opensuse.security:def:56565	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:19330	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:39321	P	Security update for compat-openssl098 (Important)	2020-12-01
oval:org.opensuse.security:def:41128	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:56588	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:38581	P	dovecot22 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39433	P	Security update for python-PyYAML (Important)	2020-12-01
oval:org.opensuse.security:def:55457	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:41458	P	Security update for libqt5-qtbase (Important)	2020-12-01
oval:org.opensuse.security:def:19804	P	Security update for unrar (Important)	2020-12-01
oval:org.opensuse.security:def:38905	P	lcms on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:19459	P	Security update for flac (Moderate)	2020-12-01
oval:org.opensuse.security:def:41800	P	Security update for libpng16 (Moderate)	2020-12-01
oval:org.opensuse.security:def:39213	P	libstaroffice-0_0-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55458	P	Security update for xen (Moderate)	2020-12-01
oval:org.opensuse.security:def:19589	P	Security update for libgcrypt (Moderate)	2020-12-01
oval:org.opensuse.security:def:56900	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (Important)	2020-12-01
oval:org.opensuse.security:def:38569	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56527	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:41852	P	Security update for gdk-pixbuf (Moderate)	2020-12-01
oval:org.opensuse.security:def:41036	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:56303	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:38570	P	cups-filters on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55802	P	Security update for giflib (Moderate)	2020-12-01
oval:org.opensuse.security:def:41389	P	Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:19792	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:38802	P	strongswan on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56361	P	Security update for freetype2 (Important)	2020-12-01
oval:com.ubuntu.xenial:def:2017109160000000	V	CVE-2017-10916 on Ubuntu 16.04 LTS (xenial) - medium.	2017-07-05
oval:com.ubuntu.trusty:def:201710916000	V	CVE-2017-10916 on Ubuntu 14.04 LTS (trusty) - medium.	2017-07-04
oval:com.ubuntu.xenial:def:201710916000	V	CVE-2017-10916 on Ubuntu 16.04 LTS (xenial) - medium.	2017-07-04

BACK