CVE-2018-5244 - OpenCVE

In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Xen	Xen

Configuration 1 [-]

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/102433	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040774
https://security.gentoo.org/glsa/201810-06
https://xenbits.xen.org/xsa/advisory-253.html	Issue Tracking Mitigation Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-01-05T18:00:00

Updated: 2018-10-31T09:57:01

Reserved: 2018-01-05T00:00:00

Link: CVE-2018-5244

JSON object: View

NVD Information

Status : Modified

Published: 2018-01-05T18:29:00.247

Modified: 2018-10-31T10:32:20.263

Link: CVE-2018-5244

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-01-05T00:00:00", "descriptions": [{"lang": "en", "value": "In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201810-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201810-06"}, {"name": "102433", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102433"}, {"name": "1040774", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040774"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://xenbits.xen.org/xsa/advisory-253.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5244", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201810-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-06"}, {"name": "102433", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102433"}, {"name": "1040774", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040774"}, {"name": "https://xenbits.xen.org/xsa/advisory-253.html", "refsource": "CONFIRM", "url": "https://xenbits.xen.org/xsa/advisory-253.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-5244", "datePublished": "2018-01-05T18:00:00", "dateReserved": "2018-01-05T00:00:00", "dateUpdated": "2018-10-31T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0060574-66EE-413D-9C6B-197AF1164EC9", "versionStartIncluding": "4.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times."}, {"lang": "es", "value": "En Xen 4.10, se introdujo una nueva infraestructura como parte de una revisi\u00f3n de c\u00f3mo ocurre la emulaci\u00f3n MSR para los invitados. Desafortunadamente, no se libera una estructura de rastreo cuando se destruye una vcpu. Esto permite que administradores invitados del sistema operativo provoquen una denegaci\u00f3n de servicio (consumo de memoria del sistema operativo del host) reiniciando muchas veces."}], "id": "CVE-2018-5244", "lastModified": "2018-10-31T10:32:20.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-05T18:29:00.247", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102433"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1040774"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201810-06"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "url": "https://xenbits.xen.org/xsa/advisory-253.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}