CVE-2018-10982 — XEN vulnerability

7 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 78.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Debian Linux

Timeline

PublishedMay 10

Latest updateJun 11

Description

An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 (bookworm)

▶Debianxen/xen< 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6+3

▶NVDxen/xen4.10.1

Also affects: Debian Linux 7.0, 8.0, 9.0

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-c292-2j32-cgq5: An issue was discovered in Xen through 4↗2022-05-13

▶

OSV

CVE-2018-10982: An issue was discovered in Xen through 4↗2018-05-10

▶

📋Vendor Advisories

Red Hat

xen: x86 vHPET interrupt injection errors (XSA-261)↗2018-05-08

▶

Debian

CVE-2018-10982: xen - An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to...↗2018

▶

📄Research Papers

arXiv

Mono: Is Your "Clean" Vulnerability Dataset Really Solvable? Exposing and Trapping Undecidable Patches and Beyond↗2025-06-11

▶

💬Community

Bugzilla

CVE-2018-10982 xsa261 xen: x86 vHPET interrupt injection errors (XSA-261)↗2018-04-25

▶