Published: 17/08/2018 Updated: 03/10/2019

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 6 | Impact Score: 4 | Exploitability Score: 1.5

VMScore: 436

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

An issue exists in Xen up to and including 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen

An issue was discovered in Xen through 411x The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core As a result, it must only be available to full ...

Description of Problem Several security issues have been identified that impact XenServer Customers should consider these issues and determine possible impact to their own systems  These updates provide a mitigation for recently disclosed issues affecting Intel CPUs  These issues, if exploited, could allow malicious unprivileged code i ...

CWE-863 http://xenbits.xen.org/xsa/advisory-269.html https://security.gentoo.org/glsa/201810-06 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2018-15468

CVE-2018-15468

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect