Memory corruption in Xen - CVE-2018-5244
Published: October 30, 2018 / Updated: October 31, 2018
Vulnerability identifier: #VU15586
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:U/U:Clear
CVE-ID: CVE-2018-5244
CWE-ID: CWE-119
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Xen Project
Affected software:
Xen
Xen
Detailed vulnerability description
The vulnerability allows an adjacent administrative attacker to cause DoS condition on the guest system.
The vulnerability exists due to one tracking structure isn't freed when a vcpu is destroyed as new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. A remote attacker can trigger host OS memory consumption and cause the system to crash by rebooting many times.
How to mitigate CVE-2018-5244
Install update from vendor's website.