#VU14473 Memory corruption in Xen - CVE-2018-15470

 


Published: August 21, 2018


Vulnerability identifier: #VU14473
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-15470
CWE-ID: CWE-119
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Xen
Software vendor:
Xen Project

Description

The vulnerability allows an adjacent attacker to cause a denial-of-service (DoS) condition on the target system.

The vulnerability exists because the affected software fails to enforce the quota-maxentity setting. An adjacent attacker can write an excessive number of XenStore entries, trigger unbounded memory usage and cause the service to crash.


Remediation

Install the update from the vendor's website.
