CVE-2018-10471

Impact:
Moderate
Public Date:
2018-04-25
CWE:
CWE-787
Bugzilla:
1566220: CVE-2018-10471 xsa259 xen: x86 PV guest may crash Xen with XPTI
An out-of-bounds (OOB) write issue was found in the way the Xen hypervisor handled an error in the Page Table Isolation (PTI) implementation, used to fix the Meltdown issue. It could occur while processing the interrupt 'INT 0x80' when a PV guest's vCPU has no handler for it. A malicious guest user or process could use this flaw to crash the hypervisor, resulting in a denial of service.

Find out more about CVE-2018-10471 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 5.6
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality None
Integrity Impact None
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 xen Not affected

Acknowledgements

Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Andrew Cooper (Citrix) as the original reporter.
