cnvd - cnvd-2018-15166

cnvd-2018-15166

Vulnerability from cnvd

Title: Xen拒绝服务漏洞（CNVD-2018-15166）

Description:

Xen是一个开放源代码虚拟机监视器，由剑桥大学开发。它打算在单个计算机上运行多达101个满特征的操作系统。

Xen存在拒绝服务漏洞，该漏洞是由Xen调试触发器异常所致，攻击者可利用该漏洞在主机系统上导致拒绝服务条件。

Severity: 中

Patch Name: Xen拒绝服务漏洞（CNVD-2018-15166）的补丁

Patch Description:

Xen 是一个开放源代码虚拟机监视器，由剑桥大学开发。它打算在单个计算机上运行多达101个满特征的操作系统。

Xen存在拒绝服务漏洞，该漏洞是由Xen调试触发器异常所致，攻击者可利用该漏洞在主机系统上导致拒绝服务条件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： http://xenbits.xen.org/xsa/advisory-265.html

Reference: https://securitytracker.com/id/1041202 https://nvd.nist.gov/vuln/detail/CVE-2018-12893

Impacted products

Name
Xen Xen <=4.10.x

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-12893"
    }
  },
  "description": "Xen\u662f\u4e00\u4e2a\u5f00\u653e\u6e90\u4ee3\u7801\u865a\u62df\u673a\u76d1\u89c6\u5668\uff0c\u7531\u5251\u6865\u5927\u5b66\u5f00\u53d1\u3002\u5b83\u6253\u7b97\u5728\u5355\u4e2a\u8ba1\u7b97\u673a\u4e0a\u8fd0\u884c\u591a\u8fbe101\u4e2a\u6ee1\u7279\u5f81\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nXen\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531Xen\u8c03\u8bd5\u89e6\u53d1\u5668\u5f02\u5e38\u6240\u81f4\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4e3b\u673a\u7cfb\u7edf\u4e0a\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u3002",
  "discovererName": "Andrew Cooper of Citrix",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://xenbits.xen.org/xsa/advisory-265.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-15166",
  "openTime": "2018-08-14",
  "patchDescription": "Xen \u662f\u4e00\u4e2a\u5f00\u653e\u6e90\u4ee3\u7801\u865a\u62df\u673a\u76d1\u89c6\u5668\uff0c\u7531\u5251\u6865\u5927\u5b66\u5f00\u53d1\u3002\u5b83\u6253\u7b97\u5728\u5355\u4e2a\u8ba1\u7b97\u673a\u4e0a\u8fd0\u884c\u591a\u8fbe101\u4e2a\u6ee1\u7279\u5f81\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nXen\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531Xen\u8c03\u8bd5\u89e6\u53d1\u5668\u5f02\u5e38\u6240\u81f4\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4e3b\u673a\u7cfb\u7edf\u4e0a\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Xen\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2018-15166\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Xen Xen \u003c=4.10.x"
  },
  "referenceLink": "https://securitytracker.com/id/1041202\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12893",
  "serverity": "\u4e2d",
  "submitTime": "2018-06-29",
  "title": "Xen\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2018-15166\uff09"
}

CVE-2018-12893 (GCVE-0-2018-12893)

Vulnerability from cvelistv5

Published

2018-07-02 17:00

Modified

2024-08-05 08:45

Severity ?

CWE

Summary

An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.

References

▼	URL	Tags
	http://www.openwall.com/lists/oss-security/2018/06/27/11	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2018/dsa-4236	vendor-advisory, x_refsource_DEBIAN
	https://support.citrix.com/article/CTX235748	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201810-06	vendor-advisory, x_refsource_GENTOO
	https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1590979	x_refsource_CONFIRM
	http://xenbits.xen.org/xsa/advisory-265.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/104572	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1041202	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:45:02.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20180627 Xen Security Advisory 265 (CVE-2018-12893) - x86: #DB exception safety check can be triggered by a guest",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2018/06/27/11"
          },
          {
            "name": "DSA-4236",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4236"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX235748"
          },
          {
            "name": "GLSA-201810-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-06"
          },
          {
            "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590979"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-265.html"
          },
          {
            "name": "104572",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104572"
          },
          {
            "name": "1041202",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041202"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-13T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20180627 Xen Security Advisory 265 (CVE-2018-12893) - x86: #DB exception safety check can be triggered by a guest",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2018/06/27/11"
        },
        {
          "name": "DSA-4236",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4236"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX235748"
        },
        {
          "name": "GLSA-201810-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-06"
        },
        {
          "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590979"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-265.html"
        },
        {
          "name": "104572",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104572"
        },
        {
          "name": "1041202",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041202"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-12893",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20180627 Xen Security Advisory 265 (CVE-2018-12893) - x86: #DB exception safety check can be triggered by a guest",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2018/06/27/11"
            },
            {
              "name": "DSA-4236",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4236"
            },
            {
              "name": "https://support.citrix.com/article/CTX235748",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX235748"
            },
            {
              "name": "GLSA-201810-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-06"
            },
            {
              "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1590979",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590979"
            },
            {
              "name": "http://xenbits.xen.org/xsa/advisory-265.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-265.html"
            },
            {
              "name": "104572",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104572"
            },
            {
              "name": "1041202",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041202"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-12893",
    "datePublished": "2018-07-02T17:00:00",
    "dateReserved": "2018-06-26T00:00:00",
    "dateUpdated": "2024-08-05T08:45:02.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted