7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.6%
An issue was discovered in xenvif_set_hash_mapping in
drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used
in Xen through 4.11.x and other products. The Linux netback driver allows
frontends to control mapping of requests to request queues. When processing
a request to set or change this mapping, some input validation (e.g., for
an integer overflow) was missing or flawed, leading to OOB access in hash
handling. A malicious or buggy frontend may cause the (usually privileged)
backend to make out of bounds memory accesses, potentially resulting in one
or more of privilege escalation, Denial of Service (DoS), or information
leaks.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-39.42 | UNKNOWN |
ubuntu | 18.10 | noarch | linux | < 4.18.0-11.12 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1027.27 | UNKNOWN |
ubuntu | 18.10 | noarch | linux-aws | < 4.18.0-1004.5 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure | < 4.15.0-1031.32 | UNKNOWN |
ubuntu | 18.10 | noarch | linux-azure | < 4.18.0-1006.6 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-azure | < 4.15.0-1031.32~14.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure | < 4.15.0-1031.32~16.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure-edge | < 4.18.0-1006.6~16.04.2 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-gcp | < 4.15.0-1024.25 | UNKNOWN |
bugs.chromium.org/p/project-zero/issues/detail?id=1607
launchpad.net/bugs/cve/CVE-2018-15471
nvd.nist.gov/vuln/detail/CVE-2018-15471
security-tracker.debian.org/tracker/CVE-2018-15471
ubuntu.com/security/notices/USN-3819-1
ubuntu.com/security/notices/USN-3820-1
ubuntu.com/security/notices/USN-3820-2
ubuntu.com/security/notices/USN-3820-3
www.cve.org/CVERecord?id=CVE-2018-15471
www.spinics.net/lists/netdev/msg520271.html
xenbits.xen.org/xsa/advisory-270.html
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.6%