Vulnerability Details : CVE-2018-15471
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks.
Vulnerability category: Overflow, Gain privilege, Denial of service
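The kind of flaw the description names, a bounds check defeated by integer overflow, shown as a simplified model in an added example (not the kernel's code and not taken from this page). The names `off`, `len`, `TABLE_ENTRIES` and both functions are hypothetical; they model a frontend-supplied offset and length validated against a fixed-size table.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the backend's mapping table size (in entries). */
#define TABLE_ENTRIES 128u

/* Flawed check: off + len is computed in 32 bits and can wrap to a small
 * value, so a huge off with a small len passes as "in range". */
static bool range_ok_flawed(uint32_t off, uint32_t len, uint32_t size)
{
    return !(off + len > size);
}

/* Overflow-safe check: never adds the two untrusted values. First bound
 * off, then compare len with the space remaining after off. */
static bool range_ok_safe(uint32_t off, uint32_t len, uint32_t size)
{
    return off <= size && len <= size - off;
}

/* Constructed frontend requests: {off, len}. */
static const uint32_t samples[][2] = {
    { 0, 128 },            /* whole table: valid */
    { 120, 8 },            /* tail of table: valid */
    { 120, 9 },            /* one entry past the end: invalid */
    { 0xFFFFFFF0u, 0x20u } /* sum wraps to 0x10: invalid */
};

int main(void)
{
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t off = samples[i][0], len = samples[i][1];
        printf("off=0x%08x len=0x%08x flawed=%s safe=%s\n",
               (unsigned)off, (unsigned)len,
               range_ok_flawed(off, len, TABLE_ENTRIES) ? "accept" : "reject",
               range_ok_safe(off, len, TABLE_ENTRIES) ? "accept" : "reject");
    }
    return 0;
}
```

Only the last sample separates the two checks: the flawed form accepts it because the sum wraps, while the safe form rejects it on the offset alone.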
Products affected by CVE-2018-15471
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-15471
- 0.09%: Probability of exploitation activity in the next 30 days
- ~24%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-15471
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:L/AC:L/Au:S/C:C/I:C/A:C | 3.1 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2018-15471
- The product reads data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-15471
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
  [SECURITY] [DLA 1715-1] linux-4.9 security update (Mailing List; Third Party Advisory)
- https://usn.ubuntu.com/3819-1/
  USN-3819-1: Linux kernel vulnerability | Ubuntu security notices (Third Party Advisory)
- https://usn.ubuntu.com/3820-2/
  USN-3820-2: Linux kernel (HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1607
  1607 - Xen: integer overflow in xen-netback xenvif_set_hash_mapping - project-zero - Monorail (Third Party Advisory)
- https://usn.ubuntu.com/3820-3/
  USN-3820-3: Linux kernel (Azure) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://usn.ubuntu.com/3820-1/
  USN-3820-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://xenbits.xen.org/xsa/advisory-270.html
  XSA-270 - Xen Security Advisories (Vendor Advisory)
- https://www.debian.org/security/2018/dsa-4313
  Debian -- Security Information -- DSA-4313-1 linux (Third Party Advisory)