SB2018051508 - Multiple vulnerabilities in Xen
Published: May 15, 2018
Security Bulletin ID
SB2018051508
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Adjecent network
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Infinite loop (CVE-ID: CVE-2018-10981)
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.The weakness exists due to a failure to reject invalid transitions between states. An adjacent attacker can submit a specially crafted request designed to force the QEMU device model on the system to switch the request between two states, trigger infinite loop and cause the service to crash.
2) Integer overflow (CVE-ID: CVE-2018-10982)
The vulnerability allows an adjacent attacker to cause DoS condition or gain elevated privileges on the target system.The weakness exists due to an array overrun condition that occurs when the High Precision Event Timer (HPET) timer is configured to deliver interrupts in IO-APIC mode. An adjacent attacker who has the HPET timer configured to deliver interrupts in IO-APIC mode can cause the service to crash or gain root privileges.
Remediation
Install update from vendor's website.