SB2018022728 - Fedora 26 update for xen
Published: February 27, 2018 Updated: April 24, 2025
Security Bulletin ID
SB2018022728
Severity
Medium
Patch available
YES
Number of vulnerabilities
4
Exploitation vector
Adjecent network
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2018-7542)
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.The weakness exists due to NULL pointer dereference. An adjacent attacker can cause the service to crash by leveraging the mishandling of configurations that lack a Local APIC.
2) NULL pointer dereference (CVE-ID: CVE-2018-7542)
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The vulnerability exists due to a NULL pointer dereference in multiple paths without the presence of a Local APIC. An adjacent attacker can crash the hypervisor and cause a denial of service.
3) Resource exhaustion (CVE-ID: CVE-2018-7540)
The vulnerability allows an adjacent authenticated attacker to cause a DoS condition on the target system.The weakness exists due to non-preemptable L3/L4 pagetable freeing. An adjacent attacker can exhaust all available CPU resources and cause the service to crash.
4) Memory corruption (CVE-ID: CVE-2018-7541)
The vulnerability allows an adjacent attacker to cause DoS condition and gain elevated privileges on the target system.The weakness exists due to an error when transitioning from v2 to v1. An adjacent attacker can trigger memory corruption, cause the service to crash and gain root privileges.
Remediation
Install update from vendor's website.