Alpine: multiple xen packages: security update to 4.11.1-r0

Severity: High. Tenable Cloud Security Plugin ID 424700

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service
(host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data
structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for
CVE-2017-15595. (CVE-2018-19966)

- Systems with microprocessors utilizing speculative execution and address translations may allow
unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access
via a terminal page fault and a side-channel analysis. (CVE-2018-3620)

- Systems with microprocessors utilizing speculative execution and address translations may allow
unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access
with guest OS privilege via a terminal page fault and a side-channel analysis. (CVE-2018-3646)

See Also

https://security.alpinelinux.org/vuln/CVE-2018-3620

https://security.alpinelinux.org/vuln/CVE-2018-3646

https://security.alpinelinux.org/vuln/CVE-2018-15468

https://security.alpinelinux.org/vuln/CVE-2018-15469

https://security.alpinelinux.org/vuln/CVE-2018-15470

https://security.alpinelinux.org/vuln/CVE-2018-18883

https://security.alpinelinux.org/vuln/CVE-2018-19961

https://security.alpinelinux.org/vuln/CVE-2018-19962

https://security.alpinelinux.org/vuln/CVE-2018-19963

https://security.alpinelinux.org/vuln/CVE-2018-19964

https://security.alpinelinux.org/vuln/CVE-2018-19965

https://security.alpinelinux.org/vuln/CVE-2018-19966

https://security.alpinelinux.org/vuln/CVE-2018-19967

Plugin Details

Severity: High

ID: 424700

Version: Revision 1.7

Type: Local

Published: 4/4/2025

Updated: 5/31/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-19966

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/10/2018

Reference Information

CVE: CVE-2018-15468, CVE-2018-15469, CVE-2018-15470, CVE-2018-18883, CVE-2018-19961, CVE-2018-19962, CVE-2018-19963, CVE-2018-19964, CVE-2018-19965, CVE-2018-19966, CVE-2018-19967, CVE-2018-3620, CVE-2018-3646

BID: 105080, 105817, 106182, 105954

IAVA: 2018-A-0253-S, 2018-A-0353-S

IAVB: 2018-B-0111-S, 2018-B-0142-S, 2018-B-0149-S