CVE-2018-7541 — XEN vulnerability

7 documents6 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 74.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Debian Linux

Timeline

PublishedFeb 27

Latest updateMay 13

Description

An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 (bookworm)

▶Debianxen/xen< 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5+3

▶NVDxen/xen4.10.0

Also affects: Debian Linux 9.0

🔴Vulnerability Details

GHSA

GHSA-5f4c-q2q8-8v2r: An issue was discovered in Xen through 4↗2022-05-13

▶

OSV

CVE-2018-7541: An issue was discovered in Xen through 4↗2018-02-27

▶

📋Vendor Advisories

Red Hat

xen: grant table v2 -> v1 transition may crash Xen (XSA-255)↗2018-02-27

▶

Debian

CVE-2018-7541: xen - An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a...↗2018

▶

💬Community

Bugzilla

CVE-2018-7541 xen: xsa255 xen: grant table v2 -> v1 transition may crash Xen (XSA-255) [fedora-all]↗2018-02-27

▶

Bugzilla

CVE-2018-7541 xsa255 xen: grant table v2 -> v1 transition may crash Xen (XSA-255)↗2018-02-12

▶