CVE-2017-8905

Опубликовано: 11 мая 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.

Ссылки

http://www.securityfocus.com/bid/98436
http://www.securitytracker.com/id/1038388
https://blog.xenproject.org/2017/05/02/updates-on-xsa-213-xsa-214-and-xsa-215/
Vendor Advisory
https://security.gentoo.org/glsa/201705-11
https://xenbits.xen.org/xsa/advisory-215.html
Mitigation
Patch
Vendor Advisory
http://www.securityfocus.com/bid/98436
http://www.securitytracker.com/id/1038388
https://blog.xenproject.org/2017/05/02/updates-on-xsa-213-xsa-214-and-xsa-215/
Vendor Advisory
https://security.gentoo.org/glsa/201705-11
https://xenbits.xen.org/xsa/advisory-215.html
Mitigation
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.6.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.6.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.6.4:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.6.5:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00087

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-682

Связанные уязвимости

CVE-2017-8905

CVSS3: 8.8

ubuntu

больше 8 лет назад

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.

CVE-2017-8905

CVSS3: 8.5

redhat

почти 9 лет назад

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.

CVE-2017-8905

CVSS3: 8.8

debian

больше 8 лет назад

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, ...

GHSA-fff9-ccrg-mjcr

CVSS3: 8.8

github

больше 3 лет назад

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.

SUSE-SU-2017:1715-1

suse-cvrf

больше 8 лет назад

Security update for xen

EPSS

Процентиль: 25%

0.00087

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-682