CVE-2018-10982 - An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of s

CVE-2018-10982

Summary

An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection.

References

Vulnerable Configurations

cpe:2.3:o:xen:xen:4.8.0:*:*:*:*:*:x86:*
cpe:2.3:o:xen:xen:4.8.0:*:*:*:*:*:x86:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	104150
confirm	http://openwall.com/lists/oss-security/2018/05/08/2 https://xenbits.xen.org/xsa/advisory-261.html
debian	DSA-4201
gentoo	GLSA-201810-06
mlist	[debian-lts-announce] 20180525 [SECURITY] [DLA 1383-1] xen security update [debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update

Last major update

03-10-2019 - 00:03

Published

10-05-2018 - 23:29

Last modified

03-10-2019 - 00:03