{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-04T00:00:00", "descriptions": [{"lang": "en", "value": "Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201708-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201708-03"}, {"name": "DSA-3969", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3969"}, {"name": "99159", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99159"}, {"name": "1038733", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038733"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://xenbits.xen.org/xsa/advisory-223.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-10919", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201708-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201708-03"}, {"name": "DSA-3969", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3969"}, {"name": "99159", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99159"}, {"name": "1038733", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038733"}, {"name": "https://xenbits.xen.org/xsa/advisory-223.html", "refsource": "CONFIRM", "url": "https://xenbits.xen.org/xsa/advisory-223.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:50:12.714Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201708-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201708-03"}, {"name": "DSA-3969", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3969"}, {"name": "99159", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99159"}, {"name": "1038733", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038733"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://xenbits.xen.org/xsa/advisory-223.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-10919", "datePublished": "2017-07-05T01:00:00", "dateReserved": "2017-07-04T00:00:00", "dateUpdated": "2024-08-05T17:50:12.714Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "7494A471-EEFC-44F4-96B1-FDBA3B780313", "versionEndIncluding": "4.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223."}, {"lang": "es", "value": "Xen hasta la versi\u00f3n 4.8.x, maneja inapropiadamente la inyecci\u00f3n de interrupci\u00f3n virtual, que permite a los usuarios del sistema operativo invitado causar una denegaci\u00f3n de servicio (bloqueo del hypervisor), tambi\u00e9n se conoce como XSA-223."}], "id": "CVE-2017-10919", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-05T01:29:00.800", "references": [{"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3969"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99159"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1038733"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201708-03"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Mitigation", "Third Party Advisory"], "url": "https://xenbits.xen.org/xsa/advisory-223.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3969"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99159"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038733"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201708-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Mitigation", "Third Party Advisory"], "url": "https://xenbits.xen.org/xsa/advisory-223.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Julien Grall (ARM) as the original reporter.", "bugzilla": {"description": "xen: ARM guest disabling interrupt may crash Xen (XSA-223)", "id": "1458877", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458877"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.7", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "status": "draft"}, "details": ["Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223."], "mitigation": {"lang": "en:us", "value": "On systems where the guest kernel is controlled by the host rather than\nguest administrator, running only kernels which do not disable SGI and\nPPI (i.e IRQ < 32) will prevent untrusted guest users from exploiting\nthis issue. However untrusted guest administrators can still trigger it\nunless further steps are taken to prevent them from loading code into\nthe kernel (e.g by disabling loadable modules etc) or from using other\nmechanisms which allow them to run code at kernel privilege."}, "name": "CVE-2017-10919", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2017-06-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-10919\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10919\nhttp://xenbits.xen.org/xsa/advisory-223.html"], "threat_severity": "Moderate"}