Main Vulnerability Database Vulnerabilities #VU14473

Memory corruption in Xen - CVE-2018-15470

Published: August 21, 2018

Vulnerability identifier: #VU14473

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-15470

CWE-ID: CWE-119

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Xen Project

Affected software:
Xen

Detailed vulnerability description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists due to the affected software fails to enforce the quota-maxentity setting. An adjacent attacker can write an excessive number of XenStore entries, trigger unbounded memory usage and cause the service to crash.

How to mitigate CVE-2018-15470

Install update from vendor's website.

Sources

http://xenbits.xen.org/xsa/advisory-272.html

Memory corruption in Xen - CVE-2018-15470

Detailed vulnerability description

How to mitigate CVE-2018-15470

Sources

Please verify you're human