CVE-2018-15471
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks.
Se descubrió un problema en xenvif_set_hash_mapping en drivers/net/xen-netback/hash.c en el kernel de Linux hasta la versión 4.18.1, tal y como se utiliza en Xen hasta las versiones 4.11.x y otros productos. El controlador de netback de Linux permite a los frontends controlar el mapeo de las peticiones de colas de peticiones. Cuando se procesa una solicitud para establecer o cambiar este mapeo, faltaba alguna validación de entrada (por ejemplo, para un desbordamiento de un número entero) o era defectuosa, lo que llevaba al acceso OOB en el manejo de hashes. Un frontend malicioso o con errores puede hacer que el backend (normalmente privilegiado) haga accesos a la memoria fuera de límites, lo que puede resultar en uno o más escalados de privilegios, denegaciones de servicio (DoS) o fugas de información.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-08-17 CVE Reserved
- 2018-08-17 CVE Published
- 2023-08-11 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://bugs.chromium.org/p/project-zero/issues/detail?id=1607 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://xenbits.xen.org/xsa/advisory-270.html | 2023-10-03 | |
| https://usn.ubuntu.com/3819-1 | 2023-10-03 | |
| https://usn.ubuntu.com/3820-1 | 2023-10-03 | |
| https://usn.ubuntu.com/3820-2 | 2023-10-03 | |
| https://usn.ubuntu.com/3820-3 | 2023-10-03 | |
| https://www.debian.org/security/2018/dsa-4313 | 2023-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | <= 4.11.0 Search vendor "Xen" for product "Xen" and version " <= 4.11.0" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.7 < 4.9.133 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 4.9.133" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.14.76 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.14.76" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 4.18.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.18.14" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10" | - |
Affected
| ||||||