nvd-json-data-feeds/CVE-2017/CVE-2017-170xx/CVE-2017-17046.json

{
  "id": "CVE-2017-17046",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2017-11-28T23:29:00.320",
  "lastModified": "2018-10-19T10:29:05.067",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en Xen hasta la versi\u00f3n 4.9.x en la plataforma ARM que permite que usuarios invitados del sistema operativo obtengan informaci\u00f3n sensible del DRAM tras un reinicio, ya que se gestionan de manera incorrecta los bloques no contiguos y las direcciones f\u00edsicas que no empiezan en cero."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 4.0
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "4.9.1",
              "matchCriteriaId": "216B1C01-EDB2-43CA-822C-F4959DA6D76D"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://security.gentoo.org/glsa/201801-14",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://xenbits.xen.org/xsa/advisory-245.html",
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}