Fedora 28 update for xen
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2018-10471 CVE-2018-10472 |
| CWE-ID | CWE-787 CWE-200 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system xen Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU12542
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-10471
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists due to an unconditional write attempt of the value zero to an address near 2^64. An adjacent attacker can cause the service to crash or execute arbitrary code via unexpected INT 80 processing.
Successful exploitation of the vulnerability may result in system compromise.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 28
xen: before 4.10.0-9.fc28
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-dbebca30d0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Error handling
EUVDB-ID: #VU12288
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-10471
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The weakness exists due to error handling flaw. An adjacent attacker can cause the service to crash.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 28
xen: before 4.10.0-9.fc28
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-dbebca30d0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU12543
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-10472
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exists in certain configurations due to improper information control. An adjacent attacker can read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 28
xen: before 4.10.0-9.fc28
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-dbebca30d0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU12287
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-10472
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to obtain potentially sensitive information.
The weakness exists due to improper information control. An adjacent attacker can supply a specially crafted CDROM image to read arbitrary files or device nodes on the dom0 filesystem with the privileges of the quem devicemodel process.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 28
xen: before 4.10.0-9.fc28
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-dbebca30d0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
