Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-15468

Опубликовано: 14 авг. 2018
Источник: redhat
CVSS3: 6
EPSS Низкий

Описание

An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5xenNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-665
https://bugzilla.redhat.com/show_bug.cgi?id=1610548xen: x86 Incorrect MSR_DEBUGCTL handling lets guests enable BTS (XSA-269)

EPSS

Процентиль: 31%
0.00115
Низкий

6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-15468

CVSS3: 6
ubuntu
больше 7 лет назад

An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service.

nvd логотип

CVE-2018-15468

CVSS3: 6
nvd
больше 7 лет назад

An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service.

debian логотип

CVE-2018-15468

CVSS3: 6
debian
больше 7 лет назад

An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contai ...

github логотип

GHSA-m48w-fvxv-5j3g

CVSS3: 6
github
больше 3 лет назад

An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service.

suse-cvrf логотип

SUSE-SU-2018:3332-1

suse-cvrf
больше 7 лет назад

Security update for xen

EPSS

Процентиль: 31%
0.00115
Низкий

6 Medium

CVSS3