Multiple vulnerabilities in Xen

1) Information disclosure

EUVDB-ID: #VU12287

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10472

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information.

The weakness exists due to improper information control. An adjacent attacker can supply a specially crafted CDROM image to read arbitrary files or device nodes on the dom0 filesystem with the privileges of the quem devicemodel process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.6.0 - 4.10.0

External links

http://xenbits.xen.org/xsa/advisory-258.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Error handling

EUVDB-ID: #VU12288

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10471

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists due to error handling flaw. An adjacent attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.6.0 - 4.10.0

External links

http://xenbits.xen.org/xsa/advisory-259.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.