Detections
Analytics

Alpine: xen: security update to 4.9.2-r2

high Tenable Cloud Security Plugin ID 407908

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

 - A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's
 Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in
 unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for
 example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel
 crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and
 single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A;
 section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS
 instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF)
 system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS
 instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating
 system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels
 may not expect this order of events and may therefore experience unexpected behavior when it occurs.
 (CVE-2018-8897)

 - An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service
 (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions
 between states of a request. (CVE-2018-10981)

 - An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service
 (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor
 privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt
 injection. (CVE-2018-10982)

See Also

https://security.alpinelinux.org/vuln/CVE-2018-8897

https://security.alpinelinux.org/vuln/CVE-2018-10981

https://security.alpinelinux.org/vuln/CVE-2018-10982

Plugin Details

Severity: High

ID: 407908

Version: Revision 1.36

Type: Local

Published: 10/31/2023

Updated: 4/20/2026

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-8897

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2018-10982

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/18/2018

Exploitable With

Metasploit (Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability)

Reference Information

CVE: CVE-2018-10981, CVE-2018-10982, CVE-2018-8897

BID: 104071, 104149, 104150

IAVA: 2018-A-0144-S

IAVB: 2018-B-0061-S