SB2018051201 - OpenSUSE Linux update for xen 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018051201

SB2018051201 - OpenSUSE Linux update for xen

Published: May 12, 2018

Security Bulletin ID SB2018051201
Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

High 14% Medium 14% Low 71%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2018-10471)

The vulnerability allows an adjacent attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to an unconditional write attempt of the value zero to an address near 2^64. An adjacent attacker can cause the service to crash or execute arbitrary code via unexpected INT 80 processing.

Successful exploitation of the vulnerability may result in system compromise.

2) Information disclosure (CVE-ID: CVE-2018-10472)

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The weakness exists in certain configurations due to improper information control. An adjacent attacker can read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.


3) Resource exhaustion (CVE-ID: CVE-2018-7540)

The vulnerability allows an adjacent authenticated attacker to cause a DoS condition on the target system.

The weakness exists due to non-preemptable L3/L4 pagetable freeing. An adjacent attacker can exhaust all available CPU resources and cause the service to crash.

4) Memory corruption (CVE-ID: CVE-2018-7541)

The vulnerability allows an adjacent attacker to cause DoS condition and gain elevated privileges on the target system.

The weakness exists due to an error when transitioning from v2 to v1. An adjacent attacker can trigger memory corruption, cause the service to crash and gain root privileges.

5) NULL pointer dereference (CVE-ID: CVE-2018-7542)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists due to NULL pointer dereference. An adjacent attacker can cause the service to crash by leveraging the mishandling of configurations that lack a Local APIC.

6) Privilege escalation (CVE-ID: CVE-2018-8897)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to improper implementation of Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) on multiple system kernels, which results in an unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS. A local user can execute arbitrary code with elevated privileges.


7) Information disclosure (CVE-ID: CVE-2017-5754)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to side-channel attacks, which are also referred to as Meltdown attacks. A local attacker can execute arbitrary code, perform a side-channel analysis of the data cache and gain access to sensitive information including memory from the CPU cache.


Remediation

Install update from vendor's website.

References