Main Vulnerability Database Vulnerabilities #VU12543

Information disclosure in Xen - CVE-2018-10472

Published: May 9, 2018 / Updated: May 10, 2018

Vulnerability identifier: #VU12543

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-10472

CWE-ID: CWE-200

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Xen Project

Affected software:
Xen

Detailed vulnerability description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The weakness exists in certain configurations due to improper information control. An adjacent attacker can read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.

How to mitigate CVE-2018-10472

Install update from vendor's website.

Sources

https://xenbits.xen.org/xsa/advisory-258.html

Information disclosure in Xen - CVE-2018-10472

Detailed vulnerability description

How to mitigate CVE-2018-10472

Sources

Please verify you're human