CVE-2018-10471

medium

Description

An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.

References

http://www.securityfocus.com/bid/104003

https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html

https://security.gentoo.org/glsa/201810-06

https://www.debian.org/security/2018/dsa-4201

https://xenbits.xen.org/xsa/advisory-259.html

Details

Source: MITRE

Published: 2018-04-27

Updated: 2018-10-31

Type: CWE-787

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Impact Score: 4

Exploitability Score: 2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:* versions up to 4.10.1 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
120843 | Fedora 28 : xen (2018-dbebca30d0) | Nessus | Fedora Local Security Checks | medium
118506 | GLSA-201810-06 : Xen: Multiple vulnerabilities (Foreshadow) (Meltdown) (Spectre) | Nessus | Gentoo Local Security Checks | critical
118304 | SUSE SLES12 Security Update : xen (SUSE-SU-2018:3230-1) (Meltdown) | Nessus | SuSE Local Security Checks | high
118215 | Debian DLA-1549-1 : xen security update | Nessus | Debian Local Security Checks | critical
109816 | Debian DSA-4201-1 : xen - security update | Nessus | Debian Local Security Checks | high
109756 | SUSE SLES12 Security Update : xen (SUSE-SU-2018:1216-1) (Meltdown) | Nessus | SuSE Local Security Checks | high
109751 | openSUSE Security Update : xen (openSUSE-2018-454) (Meltdown) | Nessus | SuSE Local Security Checks | high
109746 | Fedora 26 : xen (2018-eb69078020) | Nessus | Fedora Local Security Checks | medium
109722 | SUSE SLES11 Security Update : xen (SUSE-SU-2018:1203-1) (Meltdown) | Nessus | SuSE Local Security Checks | high
109721 | SUSE SLES12 Security Update : xen (SUSE-SU-2018:1202-1) (Meltdown) | Nessus | SuSE Local Security Checks | high
109677 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:1184-1) (Meltdown) | Nessus | SuSE Local Security Checks | high
109676 | SUSE SLES11 Security Update : xen (SUSE-SU-2018:1181-1) (Meltdown) | Nessus | SuSE Local Security Checks | high
109672 | SUSE SLES12 Security Update : xen (SUSE-SU-2018:1177-1) (Meltdown) | Nessus | SuSE Local Security Checks | high
109574 | Xen arch/x86/x86_64/entry.S Exception Handling Guest-to-host DoS (XSA-259) | Nessus | Misc. | medium
109519 | Fedora 27 : xen (2018-604574c943) | Nessus | Fedora Local Security Checks | medium