Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2018-12893

Published: 02/07/2018 Updated: 03/10/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Xen

Vulnerability Summary

An issue exists in Xen up to and including 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

xen xen

debian debian linux 9.0

Vendor Advisories

Debian Security Advisories: DSA-4236-1 xen -- security update
Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-12891 It was discovered that insufficient validation of PV MMU operations may result in denial of service CVE-2018-12892 It was discovered that libxl fails to honour the readonly flag on HVM-emulated SCSI disks CVE-2018-12893 It was discovered that ...
Red Hat: CVE-2018-12893
An issue was discovered in Xen through 410x One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest A malicious PV guest can crash Xen, leading to a Denial of Service All Xen systems which have ...
Citrix Security Bulletins: Citrix XenServer Multiple Security Updates
Description of Problem Two issues have been identified within Citrix XenServer, which could, if exploited, allow unprivileged code in a PV guest VM to cause the host to crash or become unresponsive These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 75 The following vulnerabiliti ...

References

NVD-CWE-noinfohttps://bugzilla.redhat.com/show_bug.cgi?id=1590979http://xenbits.xen.org/xsa/advisory-265.htmlhttp://www.securityfocus.com/bid/104572http://www.openwall.com/lists/oss-security/2018/06/27/11https://www.debian.org/security/2018/dsa-4236https://support.citrix.com/article/CTX235748http://www.securitytracker.com/id/1041202https://security.gentoo.org/glsa/201810-06https://lists.debian.org/debian-lts-announce/2018/11/msg00013.htmlhttps://www.debian.org/security/./dsa-4236https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook