Vulnerability Details : CVE-2018-15469
An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash).
Vulnerability category: Denial of service
Products affected by CVE-2018-15469
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-15469
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 19 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-15469
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST | |
|
6.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
2.0
|
4.0
|
NIST |
CWE ids for CVE-2018-15469
-
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-15469
-
https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html
[SECURITY] [DLA 1577-1] xen security updateThird Party Advisory
-
https://security.gentoo.org/glsa/201810-06
Xen: Multiple vulnerabilities (GLSA 201810-06) — Gentoo securityThird Party Advisory
-
http://xenbits.xen.org/xsa/advisory-268.html
XSA-268 - Xen Security AdvisoriesPatch;Vendor Advisory
Jump to