PT-2018-2684 · Xen+4 · Xen+4

Andy Lutomirski

Publicado

2018-07-24

Atualizado

2023-02-24

CVE-2018-14678

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.17.12 Xen versions prior to 4.11.x

Description An issue in the Linux kernel and Xen hypervisor allows local users to cause a denial of service or possibly gain privileges. The xen failsafe callback entry point does not properly maintain the RBX register, leading to uninitialized memory usage and system crash. Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash. The vulnerability is related to insufficient access control in the xen failsafe callback function.

Recommendations For Linux kernel versions prior to 4.17.12, update to version 4.17.12 or later to resolve the issue. For Xen versions prior to 4.11.x, update to a version later than 4.11.x to resolve the issue. As a temporary workaround, consider restricting access to the xen failsafe callback entry point to minimize the risk of exploitation.

Correção

DoS

Improper Initialization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-665CWE-264

Identificadores relacionados

ALT-PU-2018-2108

ALT-PU-2018-2110

ALT-PU-2018-2181

BDU:2019-01344

CVE-2018-14678

DLA-1529-1

DLA-1531-1

DSA-4308-1

MGASA-2018-0337

MGASA-2018-0340

MGASA-2018-0341

SUSE-SU-2018:3084-1

USN-3931-1

USN-3931-2

Produtos afetados

Alt Linux

Linux Kernel

Suse

Ubuntu

Xen

PT-2018-2684 · Xen+4 · Xen+4

CVE-2018-14678

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 155