CVE-2018-12893Incorrect Privilege Assignment in XEN

CWE-266Incorrect Privilege Assignment7 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 78.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
XENDebian XENDebian Linux
Timeline
PublishedJul 2
Latest updateMay 13

Description

An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerabi

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

debiandebian/xen< xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 (bookworm)
Debianxen/xen< 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9+3
NVDxen/xen4.10.0

Also affects: Debian Linux 9.0

Patches

Patch: www.openwall.comPatch: xenbits.xen.orgPatch: www.openwall.com

🔴Vulnerability Details

2
GHSA
GHSA-7589-4cgq-4p68: An issue was discovered in Xen through 42022-05-13
OSV
CVE-2018-12893: An issue was discovered in Xen through 42018-07-02

📋Vendor Advisories

2
Red Hat
xen: x86 DB exception safety check can be triggered by a guest (XSA-265)2018-06-27
Debian
CVE-2018-12893: xen - An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added...2018

💬Community

2
Bugzilla
CVE-2018-12893 xen: x86 DB exception safety check can be triggered by a guest (XSA-265) [fedora-all]2018-06-27
Bugzilla
CVE-2018-12893 xen: x86 DB exception safety check can be triggered by a guest (XSA-265)2018-06-13