{"id":"CVE-2017-8905","details":"Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.","modified":"2026-03-15T22:18:03.359437Z","published":"2017-05-11T19:29:00.303Z","related":["SUSE-SU-2017:1715-1","SUSE-SU-2017:1770-1","SUSE-SU-2017:1795-1","SUSE-SU-2017:1812-1"],"references":[{"type":"WEB","url":"http://www.securitytracker.com/id/1038388"},{"type":"WEB","url":"http://www.securityfocus.com/bid/98436"},{"type":"ADVISORY","url":"https://blog.xenproject.org/2017/05/02/updates-on-xsa-213-xsa-214-and-xsa-215/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201705-11"},{"type":"FIX","url":"https://xenbits.xen.org/xsa/advisory-215.html"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-8905.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.6.1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.6.2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.6.3"}]},{"events":[{"introduced":"0"},{"last_affected":"4.6.4"}]},{"events":[{"introduced":"0"},{"last_affected":"4.6.5"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}