Information disclosure in Xen - CVE-2017-17046
Published: October 4, 2017 / Updated: July 28, 2020
Vulnerability identifier: #VU8671
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-17046
CWE-ID: CWE-200
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Xen Project
Affected software:
Xen
Xen
Detailed vulnerability description
The vulnerability allows an adjacent attacker to obtain potentially sensitive information.
The weakness exists in ARM systems due to the improper scrubbing of DRAM content during reboots when memory is in disjoint blocks or when the first block isn't at physical address 0. An adjacent attacker gain access to arbitrary data on the target system.
The weakness exists in ARM systems due to the improper scrubbing of DRAM content during reboots when memory is in disjoint blocks or when the first block isn't at physical address 0. An adjacent attacker gain access to arbitrary data on the target system.
How to mitigate CVE-2017-17046
Install update from vendor's website.