CVE-2017-10917

CRITICAL9.1EPSS 0.84%

Published: 7/5/2017Modified: 12/3/2025

Also known as:ALPINE-CVE-2017-10917DEBIAN-CVE-2017-10917

Description

Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.

Affected packages (2)

Alpine/xenfrom 0, < 4.9.0-r0
Debian/xenfrom 0, < 4.8.1-1+deb9u3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2017-10917
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2017-10917