Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-14678

Опубликовано: 25 июл. 2018
Источник: redhat
CVSS3: 7
EPSS Низкий

Описание

An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.

Отчет

This issue only affects guests running as Xen paravirtualized (PV) guests. Starting with Red Hat Enterprise Linux 7 onwards running Red Hat Enterprise Linux installations as Xen PV guests is not supported.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelOut of support scope
Red Hat Enterprise Linux 5kernel-xenOut of support scope
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise MRG 2kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1608559xen: Uninitialized state in x86 PV failsafe callback path (XSA-274)

EPSS

Процентиль: 26%
0.00088
Низкий

7 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-14678

CVSS3: 7.8
ubuntu
почти 7 лет назад

An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.

nvd логотип

CVE-2018-14678

CVSS3: 7.8
nvd
почти 7 лет назад

An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.

debian логотип

CVE-2018-14678

CVSS3: 7.8
debian
почти 7 лет назад

An issue was discovered in the Linux kernel through 4.17.11, as used i ...

github логотип

GHSA-mmph-rg95-j757

CVSS3: 7.8
github
около 3 лет назад

An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.

oracle-oval логотип

ELSA-2018-4210

oracle-oval
почти 7 лет назад

ELSA-2018-4210: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 26%
0.00088
Низкий

7 High

CVSS3