SB2018022709 - Denial of service in Xen

Description

This security bulletin contains information about 3 vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2018-7542)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists due to a NULL pointer dereference in multiple paths without the presence of a Local APIC. An adjacent attacker can crash the hypervisor and cause a denial of service.

2) Memory corruption (CVE-ID: CVE-2018-7541)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows an adjacent attacker to cause DoS condition and gain elevated privileges on the target system.

The weakness exists due to an error when transitioning from v2 to v1. An adjacent attacker can trigger memory corruption, cause the service to crash and gain root privileges.

3) Resource exhaustion (CVE-ID: CVE-2018-7540)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows an adjacent authenticated attacker to cause a DoS condition on the target system.

The weakness exists due to non-preemptable L3/L4 pagetable freeing. An adjacent attacker can exhaust all available CPU resources and cause the service to crash.

Remediation

Install update from vendor's website.

References

• http://xenbits.xen.org/xsa/advisory-256.html
• http://xenbits.xen.org/xsa/advisory-255.html
• http://xenbits.xen.org/xsa/advisory-252.html