Denial of service in Xen
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-7542 CVE-2018-7541 CVE-2018-7540 |
| CWE-ID | CWE-476 CWE-119 CWE-400 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
Xen Server applications / Virtualization software |
| Vendor | Xen Project |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU10778
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-7542
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The vulnerability exists due to a NULL pointer dereference in multiple paths without the presence of a Local APIC. An adjacent attacker can crash the hypervisor and cause a denial of service.
MitigationInstall update from vendor's website.
Vulnerable software versionsXen: 4.8.0 - 4.8.3
CPE2.3- cpe:2.3:a:xen_project:xen:4.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:4.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:xen_project:xen:4.8.2:*:*:*:*:*:*:*
https://xenbits.xen.org/xsa/advisory-256.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory corruption
EUVDB-ID: #VU10779
Risk: Low
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-7541
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition and gain elevated privileges on the target system.
The weakness exists due to an error when transitioning from v2 to v1. An adjacent attacker can trigger memory corruption, cause the service to crash and gain root privileges.
Install update from vendor's website.
Vulnerable software versionsXen: 4.10.0
CPE2.3 External linkshttps://xenbits.xen.org/xsa/advisory-255.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource exhaustion
EUVDB-ID: #VU10780
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-7540
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows an adjacent authenticated attacker to cause a DoS condition on the target system.
The weakness exists due to non-preemptable L3/L4 pagetable freeing. An adjacent attacker can exhaust all available CPU resources and cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsXen: 4.10.0
CPE2.3 External linkshttps://xenbits.xen.org/xsa/advisory-252.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
