Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service
(host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data
structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for
CVE-2017-15595. (CVE-2018-19966)
- Systems with microprocessors utilizing speculative execution and address translations may allow
unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access
via a terminal page fault and a side-channel analysis. (CVE-2018-3620)
- Systems with microprocessors utilizing speculative execution and address translations may allow
unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access
with guest OS privilege via a terminal page fault and a side-channel analysis. (CVE-2018-3646)
- An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some
of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the
processor, and software has to be careful to configure it suitably not to lock up the core. As a result,
it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all
value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or
buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of
Service. (CVE-2018-15468)
- An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in
the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will
simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An
unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash).
(CVE-2018-15469)
Plugin Details
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 8/10/2018
Reference Information
CVE: CVE-2018-15468, CVE-2018-15469, CVE-2018-15470, CVE-2018-18883, CVE-2018-19961, CVE-2018-19962, CVE-2018-19965, CVE-2018-19966, CVE-2018-19967, CVE-2018-3620, CVE-2018-3646
BID: 105080, 105817, 105954, 106182
IAVA: 2018-A-0253-S, 2018-A-0353-S
IAVB: 2018-B-0111-S, 2018-B-0142-S, 2018-B-0149-S