Denial of Service Vulnerability in Xen Virtualization Software by Citrix
CVE-2018-12891

6.5MEDIUM

Key Information:

Vendor

Debian
Status
Debian Linux
Vendor
CVE Published:
2 July 2018

What is CVE-2018-12891?

An issue in Xen virtualization software allows malicious guest operations to bypass essential preemption checks during certain PV MMU processes. By manipulating page table contents, an attacker could instigate an unbounded number of iterations, ultimately leading to a Denial of Service (DoS) that affects the entire host. This condition is specific to multi-vCPU x86 PV guests, and while it impacts all Xen versions starting from 3.4, earlier versions are vulnerable to an even broader spectrum of attacks due to their lack of preemption checks. ARM systems are unaffected.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.debian.org/security/2018/dsa-4236
vendor-advisoryx_refsource_DEBIAN
https://support.citrix.com/article/CTX235748
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201810-06
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.