CVE-2018-12892Sensitive Information Exposure in XEN

CWE-200Sensitive Information ExposureCWE-285Improper Authorization7 documents6 sources
Severity
9.9CRITICALNVD
EPSS
2.8%
top 13.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
XENDebian XENDebian Linux
Timeline
PublishedJul 2
Latest updateMay 14

Description

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as "sd" in the libxl disk configuration, or an equivalent) are affected. IDE disks ("hd") are not affected (because attempts to make them readonly are rej

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages3 packages

debiandebian/xen< xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 (bookworm)
Debianxen/xen< 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9+3
NVDxen/xen4.7.04.10.1

Also affects: Debian Linux 9.0

🔴Vulnerability Details

2
GHSA
GHSA-pv22-mjm8-4f83: An issue was discovered in Xen 42022-05-14
OSV
CVE-2018-12892: An issue was discovered in Xen 42018-07-02

📋Vendor Advisories

2
Red Hat
xen: libxl fails to honour readonly flag on HVM emulated SCSI disks2018-06-27
Debian
CVE-2018-12892: xen - An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the reado...2018

💬Community

2
Bugzilla
CVE-2018-12892 xen: xsa-266 xen: libxl fails to honour readonly flag on HVM emulated SCSI disks [fedora-all]2018-06-27
Bugzilla
CVE-2018-12892 xsa-266 xen: libxl fails to honour readonly flag on HVM emulated SCSI disks2018-06-13