Published: 27/02/2018 Updated: 03/10/2019

CVSS v2 Base Score: 6.1 | Impact Score: 8.5 | Exploitability Score: 3.9

CVSS v3 Base Score: 8.8 | Impact Score: 6 | Exploitability Score: 2

VMScore: 543

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:C

An issue exists in Xen up to and including 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen
debian debian linux 9.0

Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-7540 Jann Horn discovered that missing checks in page table freeing may result in denial of service CVE-2018-7541 Jan Beulich discovered that incorrect error handling in grant table checks may result in guest-to-host denial of service and potentially ...

An issue was discovered in Xen through 410x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1 ...

Description of Problem A number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and, for some XenServer versions, allow a remote attacker to compromise the host The following vulnerabilities have been addressed: CVE-2016-2074: openvswitch: MPL ...

NVD-CWE-noinfo https://xenbits.xen.org/xsa/advisory-255.html https://www.debian.org/security/2018/dsa-4131 https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html https://support.citrix.com/article/CTX232655 http://www.securityfocus.com/bid/103177 https://support.citrix.com/article/CTX232096 http://www.securitytracker.com/id/1040775 https://security.gentoo.org/glsa/201810-06 https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html https://nvd.nist.gov https://www.debian.org/security/./dsa-4131

CVE-2018-7541

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect