Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.704131
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 4131-1 (xen - security update)
Summary:Multiple vulnerabilities have been discovered in the Xen hypervisor:;;CVE-2018-7540;Jann Horn discovered that missing checks in page table freeing may;result in denial of service.;;CVE-2018-7541;Jan Beulich discovered that incorrect error handling in grant table;checks may result in guest-to-host denial of service and potentially;privilege escalation.;;CVE-2018-7542;Ian Jackson discovered that insufficient handling of x86 PVH guests;without local APICs may result in guest-to-host denial of service.
Description:Summary:
Multiple vulnerabilities have been discovered in the Xen hypervisor:

CVE-2018-7540
Jann Horn discovered that missing checks in page table freeing may
result in denial of service.

CVE-2018-7541
Jan Beulich discovered that incorrect error handling in grant table
checks may result in guest-to-host denial of service and potentially
privilege escalation.

CVE-2018-7542
Ian Jackson discovered that insufficient handling of x86 PVH guests
without local APICs may result in guest-to-host denial of service.

Affected Software/OS:
xen on Debian Linux

Solution:
For the stable distribution (stretch), these problems have been fixed in
version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5.

We recommend that you upgrade your xen packages.

CVSS Score:
6.1

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-7540
BugTraq ID: 103174
http://www.securityfocus.com/bid/103174
Debian Security Information: DSA-4131 (Google Search)
https://www.debian.org/security/2018/dsa-4131
https://security.gentoo.org/glsa/201810-06
https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html
http://www.securitytracker.com/id/1040773
Common Vulnerability Exposure (CVE) ID: CVE-2018-7541
BugTraq ID: 103177
http://www.securityfocus.com/bid/103177
http://www.securitytracker.com/id/1040775
Common Vulnerability Exposure (CVE) ID: CVE-2018-7542
http://www.securitytracker.com/id/1040776
CopyrightCopyright (C) 2018 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.