SB2018043006 - Multiple vulnerabilities in Xen
Published: April 30, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2018-10472)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an adjacent attacker to obtain potentially sensitive information.
The weakness exists due to improper information control. An adjacent attacker can supply a specially crafted CDROM image to read arbitrary files or device nodes on the dom0 filesystem with the privileges of the quem devicemodel process.
2) Error handling (CVE-ID: CVE-2018-10471)
CWE-ID: -
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The weakness exists due to error handling flaw. An adjacent attacker can cause the service to crash.
Remediation
Install update from vendor's website.