SCSI Disk Write Vulnerability in Xen Hypervisor by Xen Project
CVE-2018-12892

9.9CRITICAL

Key Information:

Vendor

Debian
Status
Debian Linux
Vendor
CVE Published:
2 July 2018

What is CVE-2018-12892?

A vulnerability has been identified in the Xen Hypervisor from versions 4.7 through 4.10.x where the libxl component fails to properly enforce the read-only flag for SCSI disks. This oversight may allow unauthorized write access to disk images that should be read-only. Specifically, this issue affects systems using emulated SCSI disks defined as 'sd' in the libxl configuration. It can be exploited by malicious guest administrators or users, particularly in environments where PVHVM is enabled, and the attacker has control over the guest kernel or its command line. The vulnerability does not apply to IDE disks or CDROMs, as they are inherently safeguarded against such modifications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.debian.org/security/2018/dsa-4236
vendor-advisoryx_refsource_DEBIAN
https://security.gentoo.org/glsa/201810-06
vendor-advisoryx_refsource_GENTOO
http://www.securityfocus.com/bid/104571
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.