ID

VAR-201804-0701


CVE

CVE-2018-10472


TITLE

Xen Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-004610

DESCRIPTION

An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot. Xen contains an information disclosure vulnerability. Information may be obtained. Xen is an open source virtual machine monitor product developed by the University of Cambridge, England. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure proper operation and avoid downtime. There are security vulnerabilities in Xen 4.10.x and earlier. An attacker could exploit this vulnerability to read any dom0 file. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.

-------------------------------------------------------------------------
Debian Security Advisory DSA-4201-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 15, 2018                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2018-8897 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981
                 CVE-2018-10982

Multiple vulnerabilities have been discovered in the Xen hypervisor:

CVE-2018-8897

    Andy Lutomirski and Nick Peterson discovered that incorrect handling
    of debug exceptions could result in privilege escalation.

CVE-2018-10471

    An error was discovered in the mitigations against Meltdown which
    could result in denial of service.

CVE-2018-10472

    Anthony Perard discovered that incorrect parsing of CDROM images
    can result in information disclosure.

CVE-2018-10981

    Jan Beulich discovered that malformed device models could result
    in denial of service.

CVE-2018-10982

    Roger Pau Monne discovered that incorrect handling of high precision
    event timers could result in denial of service and potentially
    privilege escalation.

For the stable distribution (stretch), these problems have been fixed in
version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u6.

We recommend that you upgrade your xen packages.

For the detailed security status of xen please refer to its security
tracker page at: https://security-tracker.debian.org/tracker/xen

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201810-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Xen: Multiple vulnerabilities
     Date: October 30, 2018
     Bugs: #643350, #655188, #655544, #659442
       ID: 201810-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Xen, the worst of which
could cause a Denial of Service condition.

Background
==========

Xen is a bare-metal hypervisor.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-emulation/xen          < 4.10.1-r2               >= 4.10.1-r2
  2  app-emulation/xen-tools    < 4.10.1-r2               >= 4.10.1-r2
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Xen. Please review the
referenced CVE identifiers for details.

Impact
======

A local attacker could cause a Denial of Service condition or disclose
sensitive information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Xen users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.1-r2"

All Xen tools users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.10.1-r2"

References
==========

[ 1 ] CVE-2017-5715
      https://nvd.nist.gov/vuln/detail/CVE-2017-5715
[ 2 ] CVE-2017-5753
      https://nvd.nist.gov/vuln/detail/CVE-2017-5753
[ 3 ] CVE-2017-5754
      https://nvd.nist.gov/vuln/detail/CVE-2017-5754
[ 4 ] CVE-2018-10471
      https://nvd.nist.gov/vuln/detail/CVE-2018-10471
[ 5 ] CVE-2018-10472
      https://nvd.nist.gov/vuln/detail/CVE-2018-10472
[ 6 ] CVE-2018-10981
      https://nvd.nist.gov/vuln/detail/CVE-2018-10981
[ 7 ] CVE-2018-10982
      https://nvd.nist.gov/vuln/detail/CVE-2018-10982
[ 8 ] CVE-2018-12891
      https://nvd.nist.gov/vuln/detail/CVE-2018-12891
[ 9 ] CVE-2018-12892
      https://nvd.nist.gov/vuln/detail/CVE-2018-12892
[ 10 ] CVE-2018-12893
       https://nvd.nist.gov/vuln/detail/CVE-2018-12893
[ 11 ] CVE-2018-15468
       https://nvd.nist.gov/vuln/detail/CVE-2018-15468
[ 12 ] CVE-2018-15469
       https://nvd.nist.gov/vuln/detail/CVE-2018-15469
[ 13 ] CVE-2018-15470
       https://nvd.nist.gov/vuln/detail/CVE-2018-15470
[ 14 ] CVE-2018-3620
       https://nvd.nist.gov/vuln/detail/CVE-2018-3620
[ 15 ] CVE-2018-3646
       https://nvd.nist.gov/vuln/detail/CVE-2018-3646
[ 16 ] CVE-2018-5244
       https://nvd.nist.gov/vuln/detail/CVE-2018-5244
[ 17 ] CVE-2018-7540
       https://nvd.nist.gov/vuln/detail/CVE-2018-7540
[ 18 ] CVE-2018-7541
       https://nvd.nist.gov/vuln/detail/CVE-2018-7541
[ 19 ] CVE-2018-7542
       https://nvd.nist.gov/vuln/detail/CVE-2018-7542

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201810-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to
its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.61

sources: NVD: CVE-2018-10472 // JVNDB: JVNDB-2018-004610 // CNVD: CNVD-2018-10143 // BID: 104002 // PACKETSTORM: 147651 // PACKETSTORM: 150083

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-10143

AFFECTED PRODUCTS

vendor: debian, model: linux, scope: eq, version: 9.0

Trust: 1.6

vendor: xen, model: xen, scope: lte, version: 4.10.1

Trust: 1.0

vendor: debian, model: gnu/linux, scope: -, version: -

Trust: 0.8

vendor: xen, model: xen, scope: -, version: -

Trust: 0.8

vendor: xen, model: xen, scope: lte, version: <=4.10.*

Trust: 0.6

vendor: xen, model: xen, scope: eq, version: 4.7

Trust: 0.3

vendor: xen, model: xen, scope: eq, version: 4.6

Trust: 0.3

vendor: xen, model: xen, scope: eq, version: 4.9

Trust: 0.3

vendor: xen, model: xen, scope: eq, version: 4.6.3

Trust: 0.3

vendor: xen, model: xen, scope: eq, version: 4.10

Trust: 0.3

vendor: debian, model: linux sparc, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux s/390, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux powerpc, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux mips, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux ia-64, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux ia-32, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux arm, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux amd64, scope: eq, version: 6.0

Trust: 0.3

sources: CNVD: CNVD-2018-10143 // BID: 104002 // JVNDB: JVNDB-2018-004610 // CNNVD: CNNVD-201804-1511 // NVD: CVE-2018-10472

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10472
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-10472
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-10143
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201804-1511
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2018-10472
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-10143
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-10472
baseSeverity: MEDIUM
baseScore: 5.6
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.1
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-10143 // JVNDB: JVNDB-2018-004610 // CNNVD: CNNVD-201804-1511 // NVD: CVE-2018-10472

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2018-004610 // NVD: CVE-2018-10472

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201804-1511

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-1511

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004610

PATCH

title: DSA-4201-1 xen -- security update, url: https://www.debian.org/security/2018/dsa-4201

Trust: 0.8

title: XSA-258, url: https://xenbits.xen.org/xsa/advisory-258.html

Trust: 0.8

title: Xen arbitrary file read vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/130045

Trust: 0.6

title: Xen Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79749

Trust: 0.6

sources: CNVD: CNVD-2018-10143 // JVNDB: JVNDB-2018-004610 // CNNVD: CNNVD-201804-1511

EXTERNAL IDS

db: NVD, id: CVE-2018-10472

Trust: 3.5

db: BID, id: 104002

Trust: 1.9

db: JVNDB, id: JVNDB-2018-004610

Trust: 0.8

db: CNVD, id: CNVD-2018-10143

Trust: 0.6

db: CNNVD, id: CNNVD-201804-1511

Trust: 0.6

db: PACKETSTORM, id: 147651

Trust: 0.1

db: PACKETSTORM, id: 150083

Trust: 0.1

sources: CNVD: CNVD-2018-10143 // BID: 104002 // JVNDB: JVNDB-2018-004610 // PACKETSTORM: 147651 // PACKETSTORM: 150083 // CNNVD: CNNVD-201804-1511 // NVD: CVE-2018-10472

REFERENCES

url:http://www.securityfocus.com/bid/104002

Trust: 1.6

url:https://xenbits.xen.org/xsa/advisory-258.html

Trust: 1.6

url:https://security.gentoo.org/glsa/201810-06

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10472

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html

Trust: 1.0

url:https://www.debian.org/security/2018/dsa-4201

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10472

Trust: 0.8

url:http://xen.xensource.com/

Trust: 0.3

url:http://xenbits.xenproject.org/xsa/advisory-258.txt

Trust: 0.3

url:http://xenbits.xenproject.org/xsa/advisory-258.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-10471

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-10982

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-10981

Trust: 0.2

url:https://security-tracker.debian.org/tracker/xen

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-8897

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5244

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-7542

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12892

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12891

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5753

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12893

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-15469

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5754

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-3620

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5715

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-15468

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-3646

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-15470

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-7541

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-7540

Trust: 0.1

sources: CNVD: CNVD-2018-10143 // BID: 104002 // JVNDB: JVNDB-2018-004610 // PACKETSTORM: 147651 // PACKETSTORM: 150083 // CNNVD: CNNVD-201804-1511 // NVD: CVE-2018-10472

CREDITS

Anthony Perard of Citrix.

Trust: 0.3

sources: BID: 104002

SOURCES

db: CNVD, id: CNVD-2018-10143
db: BID, id: 104002
db: JVNDB, id: JVNDB-2018-004610
db: PACKETSTORM, id: 147651
db: PACKETSTORM, id: 150083
db: CNNVD, id: CNNVD-201804-1511
db: NVD, id: CVE-2018-10472

LAST UPDATE DATE

2024-11-23T21:21:13.753000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-10143, date: 2018-05-23T00:00:00
db: BID, id: 104002, date: 2018-05-17T06:00:00
db: JVNDB, id: JVNDB-2018-004610, date: 2018-06-25T00:00:00
db: CNNVD, id: CNNVD-201804-1511, date: 2018-04-28T00:00:00
db: NVD, id: CVE-2018-10472, date: 2024-11-21T03:41:22.760

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-10143, date: 2018-05-23T00:00:00
db: BID, id: 104002, date: 2018-04-25T00:00:00
db: JVNDB, id: JVNDB-2018-004610, date: 2018-06-25T00:00:00
db: PACKETSTORM, id: 147651, date: 2018-05-16T07:54:27
db: PACKETSTORM, id: 150083, date: 2018-10-31T01:14:40
db: CNNVD, id: CNNVD-201804-1511, date: 2018-04-28T00:00:00
db: NVD, id: CVE-2018-10472, date: 2018-04-27T15:29:00.390