PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-9817 Xen CVE debrief

CVE-2016-9817 describes a denial-of-service issue in Xen on ARM systems. According to NVD, local ARM guest OS users on affected Xen 4.7.x hosts can cause the hypervisor to crash by provoking a data abort or prefetch abort with the ESR_EL2.EA bit set. The issue is availability-only but affects the host, so even a local-privilege attack inside a guest can take down the Xen host.

Vendor: Xen
Product: CVE-2016-9817
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-27
Original CVE updated: 2026-05-13
Advisory published: 2017-02-27
Advisory updated: 2026-05-13

Who should care

Organizations running Xen on ARM hardware, especially hosts exposed to untrusted or multi-tenant guest workloads. Xen administrators, virtualization/platform teams, and cloud operators should prioritize this if any ARM Xen 4.7.0 or 4.7.1 deployments remain in service.

Technical summary

NVD lists Xen 4.7.0 and 4.7.1 as vulnerable and assigns CVSS 3.0 AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H, indicating a local, low-privilege path to a high availability impact. The reported condition involves ARM exception handling: a guest-triggered data abort or prefetch abort can set ESR_EL2.EA and lead to a host crash. The primary weakness category recorded by NVD is CWE-284.

Defensive priority

Medium overall, but high priority for any ARM Xen deployment that hosts untrusted guests or production workloads. Because the impact is host-level denial of service, remediation should be scheduled promptly even though the vector is local.

Recommended defensive actions

  • Check whether any Xen ARM hosts are running 4.7.0 or 4.7.1, the versions marked vulnerable in NVD.
  • Review Xen Security Advisory 201 and apply the vendor-provided fix or an equivalent patched release.
  • If immediate patching is not possible, reduce exposure from untrusted guest tenants and treat affected ARM hosts as at-risk for host-level crashes.
  • After remediation, validate that the patched hypervisor is in use and reboot or cycle hosts as required by your maintenance process.
  • Monitor ARM Xen hosts for unexpected crashes and correlate any guest-originated fault patterns with this issue during the remediation window.
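To support the first and fourth steps above (finding 4.7.0/4.7.1 ARM hosts and confirming a patched hypervisor is in use after remediation), here is an added example, not PatchSiren's or the Xen project's code, that classifies a dom0 from the output of `xl info`. It assumes the `machine` and `xen_version` fields and their `key : value` layout as printed by the xl tool; the affected-version list is NVD's as quoted in the debrief, and the sample outputs embedded below are constructed, not captured from real hosts.

```python
"""Added example: classify a Xen dom0 for CVE-2016-9817 from `xl info` output.
Field names (machine, xen_version) and the 'key : value' layout are assumed
from the xl tool; VULNERABLE_VERSIONS comes from the NVD record."""
import re
import shutil
import subprocess

# Versions NVD marks vulnerable for CVE-2016-9817 (from the debrief).
VULNERABLE_VERSIONS = {"4.7.0", "4.7.1"}

# Constructed sample outputs (not real hosts) used for the demonstration.
SAMPLE_ARM_471 = """\
host                   : dom0-arm-a
machine                : aarch64
xen_major              : 4
xen_minor              : 7
xen_extra              : .1
xen_version            : 4.7.1
"""
SAMPLE_X86_471 = """\
host                   : dom0-x86-b
machine                : x86_64
xen_version            : 4.7.1
"""
SAMPLE_ARM_48 = """\
host                   : dom0-arm-c
machine                : armv7l
xen_version            : 4.8.0
"""


def parse_xl_info(text):
    """Turn 'key : value' lines into a dict, ignoring non-matching lines."""
    info = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(\S+)\s*:\s*(.*?)\s*$", line)
        if m:
            info[m.group(1)] = m.group(2)
    return info


def is_arm(machine):
    """CVE-2016-9817 only affects ARM hosts; x86 dom0s on 4.7.x are out of scope."""
    return machine.startswith(("aarch64", "arm"))


def classify(text):
    """Return VULNERABLE, NOT_ARM, NOT_LISTED or UNKNOWN for one xl info dump."""
    info = parse_xl_info(text)
    version = info.get("xen_version")
    machine = info.get("machine")
    if not version or not machine:
        return "UNKNOWN"          # not xl info output, or fields missing
    base = version.split("-")[0]  # drop -rc/-pre style suffixes before matching
    if base not in VULNERABLE_VERSIONS:
        return "NOT_LISTED"       # outside NVD's list for this CVE (not proof of a fix)
    return "VULNERABLE" if is_arm(machine) else "NOT_ARM"


def classify_live_host():
    """Run xl info on this machine (works only in a Xen dom0) and classify it."""
    if shutil.which("xl") is None:
        return "UNKNOWN"
    out = subprocess.run(["xl", "info"], capture_output=True, text=True, check=False)
    return classify(out.stdout)


if __name__ == "__main__":
    for name, sample in (("arm-4.7.1", SAMPLE_ARM_471),
                         ("x86-4.7.1", SAMPLE_X86_471),
                         ("arm-4.8.0", SAMPLE_ARM_48)):
        print(f"{name}: {classify(sample)}")
    print(f"this host: {classify_live_host()}")
```

Run it on each dom0 (or feed it `xl info` captures collected by your inventory tooling); NOT_LISTED only means the version is outside NVD's affected set for this CVE, so a host that was patched in place should be confirmed against the XSA-201 fix level rather than by version string alone.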

Evidence notes

CVE publication time is 2017-02-27T22:59:00.603Z; the 2026-05-13 modified timestamp reflects later record maintenance and should not be treated as the issue date. The supplied NVD record identifies affected CPEs for Xen 4.7.0 and 4.7.1, describes the ARM guest-triggered host crash, and provides the CVSS vector AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H. Reference links include the Xen advisory XSA-201, associated patch URLs, and earlier oss-security mailing list references, indicating vendor and community coordination around the fix.

Official resources

The CVE record was published on 2017-02-27. The corpus also includes pre-publication 2016 mailing list and Xen advisory references, but the CVE issue date remains the 2017 publication timestamp.