CVE-2017-10916

Name	CVE-2017-10916
Description	The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity	medium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
xen (PTS)	jessie (security), jessie	4.4.1-9+deb8u10	fixed
	buster, sid, stretch	4.8.3+comet2+shim4.10.0+comet3-1+deb9u5	fixed
	stretch (security)	4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency
xen	source	(unstable)	4.8.1-1+deb9u3	medium
xen	source	jessie	(not affected)
xen	source	stretch	4.8.1-1+deb9u3	medium
xen	source	wheezy	(not affected)

Notes

[jessie] - xen <not-affected> (Vulnerable code not present)
[wheezy] - xen <not-affected> (Vulnerable code not present)
https://xenbits.xen.org/xsa/advisory-220.html