ALPINE-CVE-2017-10916

ALPINE-CVE-2017-10916 PUBLISHED CVSS 7.5 HIGH

The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.14	xen	4.0.1-r2, 4.0.1-r3, 4.1.0-r1
Alpine:v3.18	xen	4.6.0-r1, 0, 4.0.1-r0
Alpine:v3.19	xen	4.1.0-r0, 4.8.1-r4, 4.8.1-r3
Alpine:v3.10	xen	4.2.1-r7, 4.8.1-r4, 4.8.1-r3
Alpine:v3.12	xen	4.8.1-r4, 0, 4.0.1-r0
Alpine:v3.23	xen	4.7.1-r2, 0, 4.0.1-r0
Alpine:v3.11	xen	4.2.1-r3, 4.2.1-r4, 4.2.1-r5
Alpine:v3.3	xen	4.1.2-r12, 4.0.1-r2, 4.0.1-r3
Alpine:v3.8	xen	4.2.1-r9, 4.2.0-r7, 4.1.2-r5
Alpine:v3.4	xen	4.6.3-r6, 4.1.2-r3, 4.6.3-r9
Alpine:v3.22	xen	4.1.2-r10, 4.8.1-r4, 4.8.1-r3
Alpine:v3.16	xen	4.2.1-r11, 4.2.1-r2, 4.8.1-r4
Alpine:v3.17	xen	0, 4.0.1-r1, 4.0.1-r2
Alpine:v3.6	xen	4.4.1-r7, 4.8.1-r4, 4.8.1-r3
Alpine:v3.20	xen	4.2.1-r1, 4.2.2-r8, 4.2.2-r6
Alpine:v3.5	xen	4.5.1-r2, 4.7.2-r4, 4.7.2-r3
Alpine:v3.9	xen	4.1.3-r0, 4.2.0-r0, 4.2.0-r1
Alpine:v3.15	xen	4.7.1-r1, 4.0.1-r0, 4.0.1-r1
Alpine:v3.21	xen	4.1.3-r0, 4.1.2-r9, 4.1.2-r8
Alpine:v3.7	xen	4.6.0-r2, 4.8.1-r4, 4.8.1-r3

…and 1 more

Timeline

Jul 5, 2017 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2017-10916 advisory

Open in Interactive Console →