VDB
ALPINE-CVE-2017-8905
ALPINE-CVE-2017-8905
PUBLISHED
CVSS 8.800000190734863 HIGH
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
Risk Scores
CVSS 3.0
8.800000190734863
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.3 | xen | 4.0.1-r2, 4.0.1-r0, 4.0.1-r3 |
| Alpine:v3.4 | xen | 0, 4.3.0-r2, 0 |
| Alpine:v3.5 | xen | 4.2.0-r3, 4.2.0-r4, 4.2.0-r5 |
Timeline
- May 11, 2017 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 15, 2026 CVE Updated