Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.9
CVSSv2

CVE-2018-12891

Published: 02/07/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2
VMScore: 436
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Debian

Vulnerability Summary

An issue exists in Xen up to and including 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and previous versions are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

debian debian linux 8.0

debian debian linux 9.0

xen xen

Vendor Advisories

Debian Security Advisories: DSA-4236-1 xen -- security update
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-12891 It was discovered that insufficient validation of PV MMU operations may result in denial of service CVE-2018-12892 It was discovered that libxl fails to honour the readonly flag on HVM-emulated SCSI disks CVE-2018-12893 It was discovered that ...
Red Hat: CVE-2018-12891
An issue was discovered in Xen through 410x Certain PV MMU operations may take a long time to process For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points A few rarely taken code paths did bypass such checks By suitably enforcing the conditions through its own page table contents, a malicious guest ...
Citrix Security Bulletins: Citrix XenServer Multiple Security Updates
Description of Problem Two issues have been identified within Citrix XenServer, which could, if exploited, allow unprivileged code in a PV guest VM to cause the host to crash or become unresponsive These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 75 The following vulnerabiliti ...

References

NVD-CWE-noinfohttp://xenbits.xen.org/xsa/advisory-264.htmlhttp://www.securityfocus.com/bid/104570http://www.openwall.com/lists/oss-security/2018/06/27/10https://www.debian.org/security/2018/dsa-4236https://support.citrix.com/article/CTX235748http://www.securitytracker.com/id/1041201https://security.gentoo.org/glsa/201810-06https://lists.debian.org/debian-lts-announce/2018/11/msg00013.htmlhttps://nvd.nist.govhttps://www.debian.org/security/./dsa-4236
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook