CVE-2017-17046

2017-11-2800:00:00

ubuntu.com

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

18.6%

JSON

An issue was discovered in Xen through 4.9.x on the ARM platform allowing
guest OS users to obtain sensitive information from DRAM after a reboot,
because disjoint blocks, and physical addresses that do not start at zero,
are mishandled.

Notes

Author	Note
mdeslaur	hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchxen< 4.9.2-0ubuntu1UNKNOWN
ubuntu18.10noarchxen< 4.9.2-0ubuntu1UNKNOWN
ubuntu19.04noarchxen< 4.9.2-0ubuntu1UNKNOWN
ubuntu16.04noarchxen< 4.6.5-0ubuntu1.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	xen	< 4.9.2-0ubuntu1	UNKNOWN
ubuntu	18.10	noarch	xen	< 4.9.2-0ubuntu1	UNKNOWN
ubuntu	19.04	noarch	xen	< 4.9.2-0ubuntu1	UNKNOWN
ubuntu	16.04	noarch	xen	< 4.6.5-0ubuntu1.4	UNKNOWN