The vulnerability of the xenvif_set_hash_mapping function in Xen hypervisors allows a malicious actor to gain unauthorized access to information and compromise its integrity and accessibility.

🗓️ 27 Feb 2020 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

The Xen xenvif_set_hash_mapping vulnerability enables unauthorized access via integer overflow in netback requests, harming integrity and availability.

Reporter	Title	Published	Views	Family All 152
Cloud Foundry	USN-3820-2: Linux kernel (HWE) vulnerabilities \| Cloud Foundry	20 Nov 201800:00	–	cloudfoundry
CNVD	Linux kernel denial of service vulnerability (CNVD-2018-24546)	21 Aug 201800:00	–	cnvd
Citrix	XenServer Multiple Security Updates	14 Aug 201804:00	–	citrix
CVE	CVE-2018-15471	17 Aug 201817:00	–	cve
Cvelist	CVE-2018-15471	17 Aug 201817:00	–	cvelist
Debian	[SECURITY] [DLA 1715-1] linux-4.9 security update	15 Mar 201922:45	–	debian
Debian	[SECURITY] [DSA 4313-1] linux security update	8 Oct 201820:48	–	debian
Debian	[SECURITY] [DSA 4313-1] linux security update	8 Oct 201820:48	–	debian
Debian CVE	CVE-2018-15471	17 Aug 201817:00	–	debiancve
Tenable Nessus	Debian DLA-1715-1 : linux-4.9 security update (Spectre)	18 Mar 201900:00	–	nessus

Vulners

Node

linux xenRange≤4.11.0linux

linux xenRange≤4.18.1linux

canonical ubuntuMatch18.10

Source	Link
xenbits	www.xenbits.xen.org/xsa/advisory-270.html
bugs	www.bugs.chromium.org/p/project-zero/issues/detail
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
kernel	www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.76
kernel	www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.14
kernel	www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.133
lists	www.lists.debian.org/debian-lts-announce/2019/03/msg00017.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-15471
security-tracker	www.security-tracker.debian.org/tracker/CVE-2018-15471
ubuntu	www.ubuntu.com/security/notices/USN-3819-1

29 May 2024 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 26.8

CVSS 37.8

EPSS0.00088