PT-2018-3389 · Intel+1 · Xen+1

Sergey Dyasli

Published

2018-10-31

Updated

2024-06-15

CVE-2018-18883

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Xen versions 4.9.x through 4.11.x

Description: An issue in Xen on Intel x86 platforms allows x86 HVM and PVH guests to cause a host OS denial of service or possibly have other impact due to improper restriction of nested VT-x, leading to a NULL pointer dereference. The vulnerability can be exploited to cause a denial of service.

Recommendations: For Xen versions 4.9.x through 4.11.x, consider restricting the use of nested VT-x to minimize the risk of exploitation until a patch is available. As a temporary workaround, limiting the functionality of x86 HVM and PVH guests may help reduce the risk of a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2020-00736

CVE-2018-18883

OPENSUSE-SU-2018_4111-1

OPENSUSE-SU-2018_4304-1

OPENSUSE-SU-2024:11520-1

SUSE-SU-2018:4070-1

SUSE-SU-2018:4300-1

SUSE-SU-2019:0003-1

Affected Products

Suse

Xen

PT-2018-3389 · Intel+1 · Xen+1

CVE-2018-18883

Weakness Enumeration

Related Identifiers

Affected Products

References · 138