Base Score

HIGH8.8

CVE-2017-8905

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.

VectorLOCAL

Published Bycve@mitre.org

Published DateMay 11, 2017, 19:29

Weakness Type (CWE):CWE-682

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

http://www.securityfocus.com/bid/98436
http://www.securitytracker.com/id/1038388
https://blog.xenproject.org/2017/05/02/updates-on-xsa-213-xsa-214-and-xsa-215/
https://security.gentoo.org/glsa/201705-11
https://xenbits.xen.org/xsa/advisory-215.html

Base Score

HIGH8.8

Weakness Type (CWE):CWE-682

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH