#VU14475 Integer overflow in Xen - CVE-2018-15471

Cybersecurity Help s.r.o.

Published: 2018-08-21

Vulnerability identifier: #VU14475

Vulnerability risk: Low

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-15471

CWE-ID: CWE-190

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Xen
Server applications / Virtualization software

Vendor: Xen Project

Description

The vulnerability allows an adjacent attacker to gain elevated privileges on the target system.

The vulnerability exists in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c due to integer overflow when handling malicious input. An adjacent attacker can supply a malicious or buggy frontend request to set or change mapping of requests to request queues, cause the (usually privileged) backend to make out of bounds memory accesses and gain access to arbitrary data, cause the service to crash or gain elevated privileges.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Xen: 4.6.0 - 4.11.0

External links
https://xenbits.xen.org/xsa/advisory-270.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Linux Kernel

Debian update for linux

Integer overflow in xen (Alpine package)

Multiple vulnerabilities in Xen