Published: 10/05/2018 Updated: 03/10/2019

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 8.8 | Impact Score: 6 | Exploitability Score: 2

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

An issue exists in Xen up to and including 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen
debian debian linux 8.0
debian debian linux 7.0
debian debian linux 9.0

An issue was discovered in Xen through 410x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection ...

Description of Problem A number of security vulnerabilities have been identified in Citrix XenServer that may allow malicious code running in a PV guest VM to compromise the host and malicious privileged code running in an HVM guest VM to crash the host These vulnerabilities affect all currently supported versions of Citrix XenServer up to and inc ...

NVD-CWE-noinfo https://xenbits.xen.org/xsa/advisory-261.html http://openwall.com/lists/oss-security/2018/05/08/2 http://www.securityfocus.com/bid/104150 https://www.debian.org/security/2018/dsa-4201 https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html https://security.gentoo.org/glsa/201810-06 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2018-10982

CVE-2018-10982

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect