ID

VAR-201801-1434


CVE

CVE-2018-5244


TITLE

Xen Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001273

DESCRIPTION

In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times. Xen contains a buffer error vulnerability. A denial-of-service (DoS) condition may result. Xen is an open source virtual machine monitor. There is a security vulnerability in the Xen 4.10 release. An attacker can exploit this issue to cause a denial-of-service condition. Due to the nature of this issue, code execution may be possible but this has not been confirmed.

Gentoo Linux Security Advisory GLSA 201810-06
https://security.gentoo.org/

Severity: Normal
Title: Xen: Multiple vulnerabilities
Date: October 30, 2018
Bugs: #643350, #655188, #655544, #659442
ID: 201810-06

Synopsis
========

Multiple vulnerabilities have been found in Xen, the worst of which could cause a Denial of Service condition.

Background
==========

Xen is a bare-metal hypervisor.

Affected packages
=================

    -------------------------------------------------------------------
     Package                     /  Vulnerable   /  Unaffected
    -------------------------------------------------------------------
      1  app-emulation/xen          < 4.10.1-r2     >= 4.10.1-r2
      2  app-emulation/xen-tools    < 4.10.1-r2     >= 4.10.1-r2
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Xen users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.1-r2"

All Xen tools users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.10.1-r2"

References
==========

[ 1 ] CVE-2017-5715 https://nvd.nist.gov/vuln/detail/CVE-2017-5715
[ 2 ] CVE-2017-5753 https://nvd.nist.gov/vuln/detail/CVE-2017-5753
[ 3 ] CVE-2017-5754 https://nvd.nist.gov/vuln/detail/CVE-2017-5754
[ 4 ] CVE-2018-10471 https://nvd.nist.gov/vuln/detail/CVE-2018-10471
[ 5 ] CVE-2018-10472 https://nvd.nist.gov/vuln/detail/CVE-2018-10472
[ 6 ] CVE-2018-10981 https://nvd.nist.gov/vuln/detail/CVE-2018-10981
[ 7 ] CVE-2018-10982 https://nvd.nist.gov/vuln/detail/CVE-2018-10982
[ 8 ] CVE-2018-12891 https://nvd.nist.gov/vuln/detail/CVE-2018-12891
[ 9 ] CVE-2018-12892 https://nvd.nist.gov/vuln/detail/CVE-2018-12892
[ 10 ] CVE-2018-12893 https://nvd.nist.gov/vuln/detail/CVE-2018-12893
[ 11 ] CVE-2018-15468 https://nvd.nist.gov/vuln/detail/CVE-2018-15468
[ 12 ] CVE-2018-15469 https://nvd.nist.gov/vuln/detail/CVE-2018-15469
[ 13 ] CVE-2018-15470 https://nvd.nist.gov/vuln/detail/CVE-2018-15470
[ 14 ] CVE-2018-3620 https://nvd.nist.gov/vuln/detail/CVE-2018-3620
[ 15 ] CVE-2018-3646 https://nvd.nist.gov/vuln/detail/CVE-2018-3646
[ 16 ] CVE-2018-5244 https://nvd.nist.gov/vuln/detail/CVE-2018-5244
[ 17 ] CVE-2018-7540 https://nvd.nist.gov/vuln/detail/CVE-2018-7540
[ 18 ] CVE-2018-7541 https://nvd.nist.gov/vuln/detail/CVE-2018-7541
[ 19 ] CVE-2018-7542 https://nvd.nist.gov/vuln/detail/CVE-2018-7542

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201810-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.52

sources: NVD: CVE-2018-5244 // JVNDB: JVNDB-2018-001273 // CNVD: CNVD-2018-04061 // BID: 102433 // PACKETSTORM: 150083

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-04061

AFFECTED PRODUCTS

vendor: xen, model: xen, scope: eq, version: 4.10

Trust: 1.7

vendor: xen, model: xen, scope: gte, version: 4.10.0

Trust: 1.0

sources: CNVD: CNVD-2018-04061 // BID: 102433 // JVNDB: JVNDB-2018-001273 // NVD: CVE-2018-5244

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5244
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-5244
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-04061
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201801-233
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-5244
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-04061
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-5244
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-04061 // JVNDB: JVNDB-2018-001273 // CNNVD: CNNVD-201801-233 // NVD: CVE-2018-5244

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2018-001273 // NVD: CVE-2018-5244

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201801-233

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201801-233

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001273

PATCH

title: XSA-253, url: https://xenbits.xen.org/xsa/advisory-253.html

Trust: 0.8

title: Patch for Xen Denial of Service Vulnerability (CNVD-2018-04061), url: https://www.cnvd.org.cn/patchInfo/show/120001

Trust: 0.6

title: Xen Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77544

Trust: 0.6

sources: CNVD: CNVD-2018-04061 // JVNDB: JVNDB-2018-001273 // CNNVD: CNNVD-201801-233

EXTERNAL IDS

db: NVD, id: CVE-2018-5244

Trust: 3.4

db: BID, id: 102433

Trust: 1.3

db: SECTRACK, id: 1040774

Trust: 1.0

db: JVNDB, id: JVNDB-2018-001273

Trust: 0.8

db: CNVD, id: CNVD-2018-04061

Trust: 0.6

db: CNNVD, id: CNNVD-201801-233

Trust: 0.6

db: PACKETSTORM, id: 150083

Trust: 0.1

sources: CNVD: CNVD-2018-04061 // BID: 102433 // JVNDB: JVNDB-2018-001273 // PACKETSTORM: 150083 // CNNVD: CNNVD-201801-233 // NVD: CVE-2018-5244

REFERENCES

url:https://xenbits.xen.org/xsa/advisory-253.html

Trust: 2.5

url:https://security.gentoo.org/glsa/201810-06

Trust: 1.1

url:http://www.securityfocus.com/bid/102433

Trust: 1.0

url:http://www.securitytracker.com/id/1040774

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2018-5244

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5244

Trust: 0.8

url:http://www.xen.org/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-7542

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12892

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10471

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12891

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5753

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12893

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10982

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-15469

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10472

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5754

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-3620

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10981

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5715

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-15468

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-3646

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-15470

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-7541

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-7540

Trust: 0.1

sources: CNVD: CNVD-2018-04061 // BID: 102433 // JVNDB: JVNDB-2018-001273 // PACKETSTORM: 150083 // CNNVD: CNNVD-201801-233 // NVD: CVE-2018-5244

CREDITS

Andrew Cooper of Citrix.

Trust: 0.3

sources: BID: 102433

SOURCES

db: CNVD, id: CNVD-2018-04061
db: BID, id: 102433
db: JVNDB, id: JVNDB-2018-001273
db: PACKETSTORM, id: 150083
db: CNNVD, id: CNNVD-201801-233
db: NVD, id: CVE-2018-5244

LAST UPDATE DATE

2024-11-23T20:42:00.440000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-04061, date: 2018-03-02T00:00:00
db: BID, id: 102433, date: 2018-01-05T00:00:00
db: JVNDB, id: JVNDB-2018-001273, date: 2018-02-05T00:00:00
db: CNNVD, id: CNNVD-201801-233, date: 2018-01-08T00:00:00
db: NVD, id: CVE-2018-5244, date: 2024-11-21T04:08:24.847

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-04061, date: 2018-03-02T00:00:00
db: BID, id: 102433, date: 2018-01-05T00:00:00
db: JVNDB, id: JVNDB-2018-001273, date: 2018-02-05T00:00:00
db: PACKETSTORM, id: 150083, date: 2018-10-31T01:14:40
db: CNNVD, id: CNNVD-201801-233, date: 2018-01-08T00:00:00
db: NVD, id: CVE-2018-5244, date: 2018-01-05T18:29:00.247