CVE-2018-15468Incorrect Authorization in XEN

CWE-863Incorrect AuthorizationCWE-665Improper Initialization7 documents6 sources
Severity
6.0MEDIUMNVD
EPSS
0.1%
top 69.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
XENDebian XEN
Timeline
PublishedAug 17
Latest updateMay 13

Description

An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL sett

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages3 packages

debiandebian/xen< xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2 (bookworm)
Debianxen/xen< 4.11.1~pre.20180911.5acdd26fdc+dfsg-2+3
NVDxen/xen4.11.0

🔴Vulnerability Details

2
GHSA
GHSA-m48w-fvxv-5j3g: An issue was discovered in Xen through 42022-05-13
OSV
CVE-2018-15468: An issue was discovered in Xen through 42018-08-17

📋Vendor Advisories

2
Red Hat
xen: x86 Incorrect MSR_DEBUGCTL handling lets guests enable BTS (XSA-269)2018-08-14
Debian
CVE-2018-15468: xen - An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several...2018

💬Community

2
Bugzilla
CVE-2018-15468 xen: x86 Incorrect MSR_DEBUGCTL handling lets guests enable BTS (XSA-269) [fedora-all]2018-08-14
Bugzilla
CVE-2018-15468 xen: x86 Incorrect MSR_DEBUGCTL handling lets guests enable BTS (XSA-269)2018-07-31