CVE-2018-14678

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 28-07-2018 08:29

Last modified: - 26-10-2022 01:44

Total changes: - 3

Description

An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

7.8

Base score

1.8

5.9

Exploitability score

Impact score

Verification logic

Reference

https://xenbits.xen.org/xsa/advisory-274.html
1041397-Third Party Advisory, VDB Entry
104924-Third Party Advisory, VDB Entry
DSA-4308-Third Party Advisory
[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update-Mailing List, Third Party Advisory
USN-3931-2-
USN-3931-1-

Keywords

CVE-2018-14678

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2018-14678

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures