{
  "threat_severity" : "Moderate",
  "public_date" : "2018-04-25T12:00:00Z",
  "bugzilla" : {
    "description" : "xen: x86 PV guest may crash Xen with XPTI",
    "id" : "1566220",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1566220"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.6",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-787",
  "details" : [ "An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.", "An OOB write issue was found in the way Xen hypervisor handled error in the Page Table Isolation (PTI) implementation, used to fix the Meltdown issue. It could occur while processing interrupt 'INT 0x80', when PV guest's vCPU has no handler for it. A malicious guest user/process could use this flaw to crash the hypervisor resulting in denial of service issue." ],
  "acknowledgement" : "Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Andrew Cooper (Citrix) as the original reporter.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "xen",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-10471\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10471\nhttps://xenbits.xen.org/xsa/advisory-259.html" ],
  "name" : "CVE-2018-10471",
  "csaw" : false
}