CVE-2018-5244: Buffer Overflow
First published: Fri Jan 05 2018(Updated: )
In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xen xen-unstable | >=4.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-5244?
CVE-2018-5244 is categorized as a denial of service vulnerability that can lead to excessive memory consumption on the host OS.
How do I fix CVE-2018-5244?
To mitigate CVE-2018-5244, upgrade your Xen environment to a version later than 4.10.0 where this issue has been addressed.
Who is affected by CVE-2018-5244?
CVE-2018-5244 affects systems running Xen hypervisor version 4.10.0 and possibly earlier versions.
What kind of impact does CVE-2018-5244 have?
The impact of CVE-2018-5244 is denial of service, as the vulnerability can lead to exhaustion of host OS memory.
Is CVE-2018-5244 easy to exploit?
CVE-2018-5244 can be exploited by guest OS administrators, making it a relatively straightforward attack vector in a multi-tenant environment.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/xen
- canonical/xen xen-unstable
- version/xen xen-unstable/4.10.0