CVE-2018-7541HIGH
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
References
http://www.securityfocus.com/bid/103177
http://www.securitytracker.com/id/1040775
https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html
https://security.gentoo.org/glsa/201810-06
https://support.citrix.com/article/CTX232096
https://support.citrix.com/article/CTX232655
Details
Source: MITRE
Published: 2018-02-27
Updated: 2019-10-03
Type: NVD-CWE-noinfo
Risk Information
CVSS v2
Base Score: 6.1
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:C
Impact Score: 8.5
Exploitability Score: 3.9
Severity: MEDIUM
CVSS v3
Base Score: 8.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Impact Score: 6
Exploitability Score: 2
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:* versions up to 4.10.0 (inclusive)
Configuration 2
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 140019 | OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre) | Nessus | OracleVM Local Security Checks | critical |
| 118963 | OracleVM 3.2 : xen (OVMSA-2018-0272) (Foreshadow) (Spectre) | Nessus | OracleVM Local Security Checks | high |
| 118962 | OracleVM 3.3 : xen (OVMSA-2018-0271) (Foreshadow) (Spectre) | Nessus | OracleVM Local Security Checks | high |
| 118892 | Debian DLA-1577-1 : xen security update | Nessus | Debian Local Security Checks | high |
| 118506 | GLSA-201810-06 : Xen: Multiple vulnerabilities (Foreshadow) (Meltdown) (Spectre) | Nessus | Gentoo Local Security Checks | critical |
| 111992 | OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre) | Nessus | OracleVM Local Security Checks | critical |
| 109987 | OracleVM 3.4 : xen (OVMSA-2018-0218) (Meltdown) (Spectre) | Nessus | OracleVM Local Security Checks | high |
| 109751 | openSUSE Security Update : xen (openSUSE-2018-454) (Meltdown) | Nessus | SuSE Local Security Checks | high |
| 109677 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:1184-1) (Meltdown) | Nessus | SuSE Local Security Checks | high |
| 109001 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:0909-1) (Meltdown) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 108887 | Citrix XenServer Multiple Vulnerabilities (CTX232655) | Nessus | Misc. | critical |
| 108886 | Citrix XenServer Multiple Vulnerabilities (CTX232096) | Nessus | Misc. | high |
| 108492 | Fedora 26 : xen (2018-0746dac335) | Nessus | Fedora Local Security Checks | high |
| 108369 | SUSE SLES11 Security Update : xen (SUSE-SU-2018:0678-1) (Meltdown) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 107176 | Fedora 27 : xen (2018-c553a586c8) | Nessus | Fedora Local Security Checks | high |
| 107134 | Debian DLA-1300-1 : xen security update | Nessus | Debian Local Security Checks | high |
| 107130 | OracleVM 3.4 : xen (OVMSA-2018-0021) (Meltdown) (Spectre) | Nessus | OracleVM Local Security Checks | high |
| 107129 | OracleVM 3.4 : xen (OVMSA-2018-0020) (Meltdown) (Spectre) | Nessus | OracleVM Local Security Checks | high |
| 107123 | Debian DSA-4131-1 : xen - security update | Nessus | Debian Local Security Checks | high |
| 107098 | Xen gnttab_map_frame() Function Missing Mapping Check Upgrade Guest-to-host DoS (XSA-255) | Nessus | Misc. | high |