Main Vulnerability Database Vulnerabilities #VU12287

#VU12287 Information disclosure in Xen - CVE-2018-10472

Published: April 28, 2018 / Updated: July 28, 2020

Vulnerability identifier: #VU12287

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-10472

CWE-ID: CWE-200

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Xen

Software vendor:
Xen Project

Description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information.

The weakness exists due to improper information control. An adjacent attacker can supply a specially crafted CDROM image to read arbitrary files or device nodes on the dom0 filesystem with the privileges of the quem devicemodel process.

Remediation

Install update from vendor's website.

External links

http://xenbits.xen.org/xsa/advisory-258.html

#VU12287 Information disclosure in Xen - CVE-2018-10472

Description

Remediation

External links

Please verify you're human