Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-15471

Опубликовано: 17 авг. 2018
Источник: ubuntu
Приоритет: high
EPSS Низкий
CVSS2: 6.8
CVSS3: 7.8

Описание

An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks.

РелизСтатусПримечание
bionic

released

4.15.0-39.42
cosmic

released

4.18.0-11.12
devel

not-affected

4.18.0-11.12
esm-infra-legacy/trusty

not-affected

3.11.0-12.19
esm-infra/bionic

released

4.15.0-39.42
esm-infra/xenial

not-affected

4.2.0-16.19
precise/esm

not-affected

3.0.0-12.20
trusty

not-affected

3.11.0-12.19
trusty/esm

not-affected

3.11.0-12.19
upstream

released

4.19~rc7

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1027.27
cosmic

released

4.18.0-1004.5
devel

not-affected

4.18.0-1003.4
esm-infra-legacy/trusty

not-affected

4.4.0-1002.2
esm-infra/bionic

released

4.15.0-1027.27
esm-infra/xenial

not-affected

4.4.0-1001.10
precise/esm

DNE

trusty

not-affected

4.4.0-1002.2
trusty/esm

not-affected

4.4.0-1002.2
upstream

released

4.19~rc7

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/xenial

not-affected

4.15.0-1030.31~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.19~rc7
xenial

not-affected

4.15.0-1030.31~16.04.1

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1031.32
cosmic

released

4.18.0-1006.6
devel

not-affected

4.18.0-1006.6
esm-infra-legacy/trusty

released

4.15.0-1031.32~14.04.1
esm-infra/bionic

released

4.15.0-1031.32
esm-infra/xenial

released

4.15.0-1031.32~16.04.1
precise/esm

DNE

trusty

released

4.15.0-1031.32~14.04.1
trusty/esm

released

4.15.0-1031.32~14.04.1
upstream

released

4.19~rc7

Показывать по

РелизСтатусПримечание
bionic

not-affected

4.18.0-1006.6~18.04.1
cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

4.18.0-1006.6~18.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.19~rc7
xenial

released

4.18.0-1006.6~16.04.2

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.19~rc7
xenial

not-affected

4.4.0-9019.20

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.19~rc7
xenial

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1024.25
cosmic

released

4.18.0-1003.4
devel

not-affected

4.18.0-1003.4
esm-infra-legacy/trusty

DNE

esm-infra/bionic

released

4.15.0-1024.25
esm-infra/xenial

released

4.15.0-1024.25~16.04.2
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.19~rc7

Показывать по

РелизСтатусПримечание
bionic

not-affected

4.18.0-1004.5~18.04.1
cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

4.18.0-1004.5~18.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.19~rc7
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.19~rc7
xenial

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.19~rc7
xenial

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.19~rc7
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

not-affected

4.18.0-13.14~18.04.1
cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

4.18.0-13.14~18.04.1
esm-infra/xenial

released

4.15.0-39.42~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.19~rc7

Показывать по

РелизСтатусПримечание
bionic

not-affected

4.18.0-13.14~18.04.1
cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

4.18.0-13.14~18.04.1
esm-infra/xenial

released

4.15.0-39.42~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.19~rc7

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1026.26
cosmic

released

4.18.0-1004.4
devel

not-affected

4.18.0-1004.4
esm-infra-legacy/trusty

DNE

esm-infra/bionic

released

4.15.0-1026.26
esm-infra/xenial

not-affected

4.4.0-1004.9
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.19~rc7

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

precise/esm

not-affected

3.13.0-24.46~precise1
trusty

DNE

trusty/esm

DNE

upstream

released

4.19~rc7
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [end of standard support]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [end of standard support]
upstream

released

4.19~rc7
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [end of standard support]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [end of standard support]
upstream

released

4.19~rc7
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [end of standard support]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [end of standard support]
upstream

released

4.19~rc7
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

not-affected

4.4.0-13.29~14.04.1
precise/esm

DNE

trusty

not-affected

4.4.0-13.29~14.04.1
trusty/esm

not-affected

4.4.0-13.29~14.04.1
upstream

released

4.19~rc7
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.19~rc7
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.19~rc7
xenial

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.19~rc7
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1026.31
cosmic

released

4.15.0-1026.31
devel

not-affected

4.15.0-1026.31
esm-infra-legacy/trusty

DNE

esm-infra/bionic

released

4.15.0-1026.31
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.19~rc7
xenial

ignored

end of standard support, was needed

Показывать по

РелизСтатусПримечание
bionic

not-affected

4.15.0-1007.9
cosmic

not-affected

devel

not-affected

4.15.0-1007.9
esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

4.15.0-1007.9
esm-infra/xenial

not-affected

4.15.0-1007.9~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.19~rc7

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1028.30
cosmic

released

4.18.0-1006.8
devel

not-affected

4.18.0-1009.11
esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.19~rc7
xenial

not-affected

4.2.0-1013.19

Показывать по

РелизСтатусПримечание
bionic

not-affected

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.19~rc7
xenial

not-affected

4.4.0-1012.12

Показывать по

Ссылки на источники

EPSS

Процентиль: 25%
0.00088
Низкий

6.8 Medium

CVSS2

7.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-15471

CVSS3: 8.2
redhat
больше 7 лет назад

An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks.

nvd логотип

CVE-2018-15471

CVSS3: 7.8
nvd
больше 7 лет назад

An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks.

debian логотип

CVE-2018-15471

CVSS3: 7.8
debian
больше 7 лет назад

An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen- ...

suse-cvrf логотип

SUSE-SU-2018:2677-1

suse-cvrf
больше 7 лет назад

Security update for the Linux Kernel (Live Patch 0 for SLE 15)

github логотип

GHSA-qv83-77rj-635j

CVSS3: 7.8
github
больше 3 лет назад

An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks.

EPSS

Процентиль: 25%
0.00088
Низкий

6.8 Medium

CVSS2

7.8 High

CVSS3

Уязвимость CVE-2018-15471