Base Score

HIGH8.8

CVE-2017-15590

An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.

VectorLOCAL

Published Bycve@mitre.org

Published DateOct 18, 2017, 08:29

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

http://www.securityfocus.com/bid/101500
http://www.securitytracker.com/id/1039568
https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html
https://security.gentoo.org/glsa/201801-14
https://support.citrix.com/article/CTX228867
https://www.debian.org/security/2017/dsa-4050
https://xenbits.xen.org/xsa/advisory-237.html

Base Score

HIGH8.8

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH