DEBIAN-CVE-2017-10916

DEBIAN-CVE-2017-10916 PUBLISHED CVSS 7.5 HIGH

The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:11	xen	0, 0, 0
Debian:13	xen	0, 0, 0
Debian:12	xen	0, 0, 0
Debian:14	xen	0, 0, 0

Timeline

Jul 5, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-10916 advisory

Open in Interactive Console →