CVE-2018-15471 — Out-of-bounds Read in Kernel
Severity
7.8HIGHNVD
EPSS
0.1%
top 74.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 17
Latest updateMay 13
Description
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages5 packages
Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 18.10
🔴Vulnerability Details
6📋Vendor Advisories
6💬Community
3Bugzilla▶
CVE-2018-15471 kernel: net: xen: Linux netback driver OOB access in hash handling (XSA-270) [fedora-all]↗2018-08-16
Bugzilla▶
CVE-2018-15471 xen: kernel: net: xen: Linux netback driver OOB access in hash handling (XSA-270) [fedora-all]↗2018-08-16
Bugzilla▶
CVE-2018-15471 kernel: net: xen: Linux netback driver OOB access in hash handling (XSA-270)↗2018-07-31