Multiple vulnerabilities in Xen



Published: 2018-05-15
Risk: Low
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2018-10981, CVE-2018-10982
CWE-ID: CWE-835, CWE-190
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software
Xen
Server applications / Virtualization software

Vendor: Xen Project

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Infinite loop

EUVDB-ID: #VU12647

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10981

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.

The weakness exists due to a failure to reject invalid transitions between states. An adjacent attacker can submit a specially crafted request designed to force the QEMU device model on the system to switch the request between two states, trigger an infinite loop and cause the service to crash.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Xen: 4.6.0 - 4.10.0

External links

http://xenbits.xen.org/xsa/advisory-262.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

EUVDB-ID: #VU12648

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10982

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause a DoS condition or gain elevated privileges on the target system.

The weakness exists due to an array overrun condition that occurs when the High Precision Event Timer (HPET) timer is configured to deliver interrupts in IO-APIC mode. An adjacent attacker who has the HPET timer configured to deliver interrupts in IO-APIC mode can cause the service to crash or gain root privileges. 

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Xen: 4.6.0 - 4.10.0

External links

http://xenbits.xen.org/xsa/advisory-261.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


