CVE-2018-12891

medium

Description

An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability.

References

http://www.openwall.com/lists/oss-security/2018/06/27/10

http://www.securityfocus.com/bid/104570

http://www.securitytracker.com/id/1041201

http://xenbits.xen.org/xsa/advisory-264.html

https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html

https://security.gentoo.org/glsa/201810-06

https://support.citrix.com/article/CTX235748

https://www.debian.org/security/2018/dsa-4236

Details

Source: MITRE

Published: 2018-07-02

Updated: 2019-10-03

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Impact Score: 4

Exploitability Score: 2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:* versions up to 4.10.1 (inclusive)

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 123224 | openSUSE Security Update : xen (openSUSE-2019-533) | Nessus | SuSE Local Security Checks | critical |
| 120682 | Fedora 28 : xen (2018-a7862a75f5) | Nessus | Fedora Local Security Checks | critical |
| 120050 | SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2018:1981-1) | Nessus | SuSE Local Security Checks | critical |
| 118892 | Debian DLA-1577-1 : xen security update | Nessus | Debian Local Security Checks | high |
| 118506 | GLSA-201810-06 : Xen: Multiple vulnerabilities (Foreshadow) (Meltdown) (Spectre) | Nessus | Gentoo Local Security Checks | critical |
| 118277 | SUSE SLES12 Security Update : xen (SUSE-SU-2018:2081-2) | Nessus | SuSE Local Security Checks | critical |
| 112147 | SUSE SLES11 Security Update : xen (SUSE-SU-2018:2528-1) (Foreshadow) (Meltdown) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 111565 | openSUSE Security Update : xen (openSUSE-2018-803) | Nessus | SuSE Local Security Checks | critical |
| 111433 | SUSE SLES12 Security Update : xen (SUSE-SU-2018:2081-1) | Nessus | SuSE Local Security Checks | critical |
| 111418 | openSUSE Security Update : xen (openSUSE-2018-766) | Nessus | SuSE Local Security Checks | critical |
| 111379 | Xen Project x86 Paravirtualization Local DoS (XSA-264) | Nessus | Misc. | medium |
| 111378 | Citrix XenServer Multiple Vulnerabilities (CTX235748) | Nessus | Misc. | medium |
| 111371 | SUSE SLES12 Security Update : xen (SUSE-SU-2018:2069-1) | Nessus | SuSE Local Security Checks | high |
| 111348 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:2059-1) | Nessus | SuSE Local Security Checks | critical |
| 111346 | SUSE SLES12 Security Update : xen (SUSE-SU-2018:2056-1) | Nessus | SuSE Local Security Checks | high |
| 111261 | SUSE SLES11 Security Update : xen (SUSE-SU-2018:2037-1) | Nessus | SuSE Local Security Checks | high |
| 111236 | Fedora 27 : xen (2018-1a467757ce) | Nessus | Fedora Local Security Checks | critical |
| 110787 | Debian DSA-4236-1 : xen - security update | Nessus | Debian Local Security Checks | critical |