[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2017-8905Date: (C)2017-05-12   (M)2023-12-22


Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.8CVSS Score : 6.8
Exploit Score: 2.0Exploit Score: 3.1
Impact Score: 6.0Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: LOCAL
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: SINGLE
User Interaction: NONEConfidentiality: COMPLETE
Scope: CHANGEDIntegrity: COMPLETE
Confidentiality: HIGHAvailability: COMPLETE
Integrity: HIGH 
Availability: HIGH 
  
Reference:
SECTRACK-1038388
BID-98436
GLSA-201705-11
https://blog.xenproject.org/2017/05/02/updates-on-xsa-213-xsa-214-and-xsa-215/
https://xenbits.xen.org/xsa/advisory-215.html

CPE    1
cpe:/o:xen:xen:4.6.0
CWE    1
CWE-682
OVAL    5
oval:org.secpod.oval:def:1800062
oval:org.secpod.oval:def:1800792
oval:org.secpod.oval:def:1800328
oval:org.secpod.oval:def:112374
...

© SecPod Technologies