PT-2018-3388 · Xen+4
Felix Wilhelm · Published 2018-08-16 · Updated 2023-10-03 · CVE-2018-15471
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Xen versions prior to 4.11.x
Linux kernel versions prior to 4.18.1
Description:
The issue is related to the xenvif_set_hash_mapping function in the Xen hypervisor and involves an integer overflow when handling requests to the netback driver. This can allow an attacker to gain unauthorized access to information and disrupt its integrity and availability. The Linux netback driver allows frontends to control the mapping of requests to request queues. When a request to set or change this mapping was processed, some input validation was missing or flawed, leading to out-of-bounds access in hash handling. A malicious or buggy frontend may cause the backend to make out-of-bounds memory accesses, potentially resulting in privilege escalation, Denial of Service (DoS), or information leaks.
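The kind of flawed range validation described above, as an added example (not code from the netback driver or from this advisory): a 32-bit `off + len` comparison wraps for large offsets, while the subtraction form cannot. The table size, queue count and all function names are assumptions made for the illustration, as is the per-entry check that every mapping value names an existing queue.

```c
#include <stdbool.h>
#include <stdint.h>

#define MAP_SIZE   64u  /* constructed values, not the driver's */
#define NUM_QUEUES 4u
static uint32_t table[MAP_SIZE];  /* stands in for the backend's mapping table */

/* Flawed check: off + len is computed in 32 bits and can wrap past zero. */
bool range_ok_flawed(uint32_t off, uint32_t len, uint32_t size)
{
    return !(off + len > size);
}

/* Checked form: no addition, so nothing can wrap. */
bool range_ok_checked(uint32_t off, uint32_t len, uint32_t size)
{
    return off <= size && len <= size - off;
}

/* Validate the whole request first, then copy; returns 0 or -1. */
int set_mapping(uint32_t *tbl, uint32_t size, uint32_t num_queues,
                const uint32_t *src, uint32_t off, uint32_t len)
{
    uint32_t i;

    if (!range_ok_checked(off, len, size))
        return -1;                 /* range falls outside the table */
    for (i = 0; i < len; i++)
        if (src[i] >= num_queues)
            return -1;             /* entry names a queue that does not exist */
    for (i = 0; i < len; i++)
        tbl[off + i] = src[i];
    return 0;
}

/* Constructed frontend request: map len entries at off to queue q. */
int demo_request(uint32_t off, uint32_t len, uint32_t q)
{
    uint32_t src[MAP_SIZE];

    for (uint32_t i = 0; i < MAP_SIZE; i++)
        src[i] = q;
    return set_mapping(table, MAP_SIZE, NUM_QUEUES, src, off, len);
}

int main(void)
{
    /* Wrapped range: the flawed check accepts it, set_mapping rejects it. */
    return demo_request(0xFFFFFFF0u, 0x20u, 1) == -1 ? 0 : 1;
}
```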
Recommendations:
For Xen versions prior to 4.11.x, update to a version that includes the fix for the xenvif_set_hash_mapping function.
For Linux kernel versions prior to 4.18.1, update to a version that includes the fix for the netback driver.
As a temporary workaround, consider restricting access to the netback driver to minimize the risk of exploitation.
Fix
DoS
Integer Overflow
Out of bounds Read
Related Identifiers
Affected Products
Alt Linux
Linux Kernel
Suse
Ubuntu
Xen