CVE-2018-7542 — NULL Pointer Dereference in XEN

CWE-476 — NULL Pointer Dereference7 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 83.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Debian Linux

Timeline

PublishedFeb 27

Latest updateMay 14

Description

An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 (bookworm)

▶Debianxen/xen< 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5+3

▶NVDxen/xen4.8.0 — 4.10.0

Also affects: Debian Linux 9.0

🔴Vulnerability Details

GHSA

GHSA-3958-x3r2-xc87: An issue was discovered in Xen 4↗2022-05-14

▶

OSV

CVE-2018-7542: An issue was discovered in Xen 4↗2018-02-27

▶

📋Vendor Advisories

Red Hat

xen: x86 PVH guest without LAPIC may DoS the host (XSA-256)↗2018-02-27

▶

Debian

CVE-2018-7542: xen - An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS us...↗2018

▶

💬Community

Bugzilla

CVE-2018-7542 xen: xsa256 xen: x86 PVH guest without LAPIC may DoS the host (XSA-256) [fedora-all]↗2018-02-27

▶

Bugzilla

CVE-2018-7542 xsa256 xen: x86 PVH guest without LAPIC may DoS the host (XSA-256)↗2018-02-12

▶