CVE-2018-14678
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.
Se ha descubierto un problema en el kernel de Linux hasta la versiĆ³n 4.17.11, tal y como se utiliza en Xen hasta las versiones 4.11.x. El punto de entrada de xen_failsafe_callback en arch/x86/entry/entry_64.S no mantiene correctamente el RBX, lo que permite a los usuarios locales provocar una denegaciĆ³n de servicio (uso de memoria no inicializada y cierre inesperado del sistema). Dentro de Xen, los usuarios del SO guest x86 PV Linux de 64 bits pueden desencadenar un cierre inesperado del SO guest o, posiblemente, obtener privilegios.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-07-28 CVE Reserved
- 2018-07-28 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-665: Improper Initialization
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/104924 | Third Party Advisory | |
| http://www.securitytracker.com/id/1041397 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://xenbits.xen.org/xsa/advisory-274.html | 2023-02-24 |
| URL | Date | SRC |
|---|---|---|
| https://usn.ubuntu.com/3931-1 | 2023-02-24 | |
| https://usn.ubuntu.com/3931-2 | 2023-02-24 | |
| https://www.debian.org/security/2018/dsa-4308 | 2023-02-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.14.21 < 4.14.61 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14.21 < 4.14.61" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15.5 < 4.17.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15.5 < 4.17.13" | - |
Affected
| ||||||
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | <= 4.11.0 Search vendor "Xen" for product "Xen" and version " <= 4.11.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||