CVE-2017-15596

MEDIUM

Xen 4.4.x-4.9.x - Denial of Service via Lock Mishandling on ARM

Title source: llm
STIX 2.1

Description

An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error.

References (3)

Core 3
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-3969
Mitigation, Patch, Vendor Advisory x_refsource_confirm
https://xenbits.xen.org/xsa/advisory-235.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039568

Scores

CVSS v3 6.0
EPSS 0.0008
EPSS Percentile 23.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (22)
xen/xen 4.4.0 (7 CPE variants)
xen/xen 4.4.1 (3 CPE variants)
xen/xen 4.4.2 (3 CPE variants)
xen/xen 4.4.3 (2 CPE variants)
xen/xen 4.4.4
xen/xen 4.5.0 (5 CPE variants)
xen/xen 4.5.1 (3 CPE variants)
xen/xen 4.5.2
xen/xen 4.5.3
xen/xen 4.5.4
... and 12 more
Published Oct 18, 2017
Tracked Since Feb 18, 2026