Published: 27/02/2018 Updated: 13/11/2018

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2

VMScore: 436

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

An issue exists in Xen up to and including 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen
debian debian linux 9.0

Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-7540 Jann Horn discovered that missing checks in page table freeing may result in denial of service CVE-2018-7541 Jan Beulich discovered that incorrect error handling in grant table checks may result in guest-to-host denial of service and potentially ...

An issue was discovered in Xen through 410x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing ...

Description of Problem A number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and, for some XenServer versions, allow a remote attacker to compromise the host The following vulnerabilities have been addressed: CVE-2016-2074: openvswitch: MPL ...

CWE-400 https://xenbits.xen.org/xsa/advisory-252.html https://www.debian.org/security/2018/dsa-4131 https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html https://support.citrix.com/article/CTX232655 http://www.securityfocus.com/bid/103174 https://support.citrix.com/article/CTX232096 http://www.securitytracker.com/id/1040773 https://security.gentoo.org/glsa/201810-06 https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html https://nvd.nist.gov https://www.debian.org/security/./dsa-4131

CVE-2018-7540

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect