SB2018050918 - Fedora 27 update for xen
Published: May 9, 2018 Updated: April 24, 2025
Security Bulletin ID
SB2018050918
Severity
Low
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Adjecent network
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Privilege escalation (CVE-ID: CVE-2018-8897)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The vulnerability exists due to improper implementation of Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) on multiple system kernels, which results in an unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS. A local user can execute arbitrary code with elevated privileges.
2) Integer overflow (CVE-ID: CVE-2018-10982)
The vulnerability allows an adjacent attacker to cause DoS condition or gain elevated privileges on the target system.The weakness exists due to an array overrun condition that occurs when the High Precision Event Timer (HPET) timer is configured to deliver interrupts in IO-APIC mode. An adjacent attacker who has the HPET timer configured to deliver interrupts in IO-APIC mode can cause the service to crash or gain root privileges.
3) Infinite loop (CVE-ID: CVE-2018-10981)
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.The weakness exists due to a failure to reject invalid transitions between states. An adjacent attacker can submit a specially crafted request designed to force the QEMU device model on the system to switch the request between two states, trigger infinite loop and cause the service to crash.
Remediation
Install update from vendor's website.