x86: Nested VT-x usable even when disabled

🗓️ 24 Oct 2018 21:13:00Reported by Xen ProjectType

xen

xen🔗 xenbits.xen.org👁 574 Views

x86: Nested virtualization vulnerability in Xe

Reporter	Title	Published	Views	Family All 60
BDU FSTEC	The vulnerability of Xen hypervisors, related to the swapping of the zero pointer, allows a attacker to trigger a service failure.	27 Feb 202000:00	–	bdu_fstec
Tenable Nessus	Citrix XenServer Nested VT-x Instruction Guest-to-Host DoS (CTX239100)	9 Nov 201800:00	–	nessus
Tenable Nessus	Fedora 28 : xen (2018-73dd8de892)	3 Jan 201900:00	–	nessus
Tenable Nessus	Fedora 29 : xen (2018-a24754252a)	3 Jan 201900:00	–	nessus
Tenable Nessus	Fedora 27 : xen (2018-f20a0cead5)	13 Nov 201800:00	–	nessus
Tenable Nessus	openSUSE Security Update : xen (openSUSE-2018-1530)	13 Dec 201800:00	–	nessus
Tenable Nessus	openSUSE Security Update : xen (openSUSE-2018-1624) (Foreshadow)	31 Dec 201800:00	–	nessus
Tenable Nessus	openSUSE Security Update : xen (openSUSE-2019-1046) (Foreshadow)	27 Mar 201900:00	–	nessus
Tenable Nessus	SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:4070-1)	13 Dec 201800:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2018:4300-1) (Foreshadow)	2 Jan 201900:00	–	nessus

Vulners

Node

xen xenRange4.9≥

01 Nov 2018 11:10Current

1.1Low risk

Vulners AI Score1.1

CVSS 27.2

CVSS 38.8

EPSS0.00172

xen nested virtualization hvm guests vt-x instructions denial of service memory corruption privilege escalation