Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-12893

Good to know:

icon

Date: July 2, 2018

An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.

Language: C

Severity Score

Related Resources (13)

https://bugzilla.redhat.com/show_bug.cgi?id=1590979
https://support.citrix.com/article/CTX235748
http://www.securityfocus.com/bid/104572
https://nvd.nist.gov/vuln/detail/CVE-2018-12893
https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html
https://security-tracker.debian.org/tracker/CVE-2018-12893
http://xenbits.xen.org/xsa/advisory-265.html
https://www.debian.org/security/2018/dsa-4236
http://www.securitytracker.com/id/1041202
http://www.openwall.com/lists/oss-security/2018/06/27/11
https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12893
https://security.gentoo.org/glsa/201810-06
https://www.mend.io/vulnerability-database/CVE-2018-12893

Severity Score

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Insufficient Information

NVD-CWE-noinfo

Top Fix

icon

Upgrade Version

Upgrade to version 2.4.30

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us