Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 19 |
CVE-ID | CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981 CVE-2018-10982 CVE-2018-12891 CVE-2018-12892 CVE-2018-12893 CVE-2018-15468 CVE-2018-15469 CVE-2018-15470 CVE-2018-3620 CVE-2018-3646 CVE-2018-5244 CVE-2018-7540 CVE-2018-7541 CVE-2018-7542 |
CWE-ID | CWE-200 CWE-787 CWE-835 CWE-190 CWE-264 CWE-119 CWE-400 CWE-476 |
Exploitation vector | Local network |
Public exploit | Public exploit code for vulnerability #1 is available. Vulnerability #2 is being exploited in the wild. Public exploit code for vulnerability #3 is available. |
Vulnerable software | Gentoo Linux (Operating systems & Components / Operating system) |
Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 19 vulnerabilities.
EUVDB-ID: #VU9883
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-5715
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
Description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU9884
Risk: Low
CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2017-5753
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
Description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can perform a bounds check bypass, execute arbitrary code, conduct a side-channel attack and read sensitive memory information.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU9882
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-5754
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
Description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to side-channel attacks, which are also referred to as Meltdown attacks. A local attacker can execute arbitrary code, perform a side-channel analysis of the data cache and gain access to sensitive information including memory from the CPU cache.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU12542
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-10471
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to cause a DoS condition or execute arbitrary code on the target system.
The weakness exists due to an unconditional write attempt of the value zero to an address near 2^64. An adjacent attacker can cause the service to crash or execute arbitrary code via unexpected INT 80 processing.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12543
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-10472
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exists in certain configurations due to improper information control. An adjacent attacker can read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12647
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-10981
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The weakness exists due to a failure to reject invalid transitions between states. An adjacent attacker can submit a specially crafted request designed to force the QEMU device model on the system to switch the request between two states, trigger an infinite loop and cause the service to crash.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12648
Risk: Low
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-10982
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to cause a DoS condition or gain elevated privileges on the target system.
The weakness exists due to an array overrun condition that occurs when the High Precision Event Timer (HPET) timer is configured to deliver interrupts in IO-APIC mode. An adjacent attacker who has the HPET timer configured to deliver interrupts in IO-APIC mode can cause the service to crash or gain root privileges.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13520
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-12891
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The vulnerability exists on x86 systems due to an unspecified flaw. An adjacent attacker can invoke certain PV MMU operations to preempt the current vCPU, prevent use of a physical CPU and cause the system to crash.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13522
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:U/U:Clear]
CVE-ID: CVE-2018-12892
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows an adjacent attacker with administrative privileges to bypass security restrictions on the target system.
The vulnerability exists on x86 systems due to a flaw in libxl. An adjacent attacker can bypass the read-only restrictions on a SCSI disk image in certain cases.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13521
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-12893
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The vulnerability exists on x86 systems due to an unspecified flaw. An adjacent attacker can invoke hardware debugging facilities, trigger a debug exception and cause the system to crash.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU14476
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-15468
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows an adjacent administrative attacker to cause a DoS condition on the target system.
The vulnerability exists because the DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, while others do not when Branch Trace Store is not virtualised by the processor. An adjacent attacker can lock up the entire host, choose any MSR_DEBUGCTL setting it likes and cause the service to crash.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU14472
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-15469
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The vulnerability exists due to improper implementation of version 2 of grant tables in the affected software, in the hypervisor or in Linux. An adjacent attacker can request version 2 grant tables, trigger a BUG() check and cause the service to crash.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU14473
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-15470
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The vulnerability exists because the affected software fails to enforce the quota-maxentity setting. An adjacent attacker can write an excessive number of XenStore entries, trigger unbounded memory usage and cause the service to crash.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU14411
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-3620
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations. A local attacker can trigger a terminal page fault, conduct a side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU14412
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-3646
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to obtain potentially sensitive information.
The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations. An adjacent attacker with guest OS privilege can trigger a terminal page fault, conduct a side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU15586
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:U/U:Clear]
CVE-ID: CVE-2018-5244
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows an adjacent administrative attacker to cause a DoS condition on the guest system.
The vulnerability exists because new infrastructure was introduced as part of an overhaul of how MSR emulation happens for guests, and one tracking structure is not freed when a vcpu is destroyed. A remote attacker can trigger host OS memory consumption and cause the system to crash by rebooting many times.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU10780
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-7540
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows an adjacent authenticated attacker to cause a DoS condition on the target system.
The weakness exists due to non-preemptable L3/L4 pagetable freeing. An adjacent attacker can exhaust all available CPU resources and cause the service to crash.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU10779
Risk: Low
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-7541
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to cause a DoS condition and gain elevated privileges on the target system.
The weakness exists due to an error when transitioning from v2 to v1. An adjacent attacker can trigger memory corruption, cause the service to crash and gain root privileges.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12546
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-7542
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The weakness exists due to a NULL pointer dereference. An adjacent attacker can cause the service to crash by leveraging the mishandling of configurations that lack a Local APIC.
Mitigation
Update the affected packages.
app-emulation/xen to version: 4.10.1-r2
app-emulation/xen-tools to version: 4.10.1-r2
Gentoo Linux: All versions
External links
https://security.gentoo.org/glsa/201810-06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.