Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 655544 (CVE-2018-10471, CVE-2018-10472, CVE-2018-10981, CVE-2018-10982, XSA-258, XSA-259, XSA-261, XSA-262) - <app-emulation/xen-4.10.1: multiple vulnerabilities (XSA-{258,259,261,262})
Summary: <app-emulation/xen-4.10.1: multiple vulnerabilities (XSA-{258,259,261,262})
Status: RESOLVED FIXED
Alias: CVE-2018-10471, CVE-2018-10472, CVE-2018-10981, CVE-2018-10982, XSA-258, XSA-259, XSA-261, XSA-262
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa+ cve]
Keywords:
Depends on: XSA-268, XSA-269, XSA-272, XSA-273
Blocks:
  Show dependency tree
 
Reported: 2018-05-12 00:18 UTC by tonemgub
Modified: 2018-10-30 21:06 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description tonemgub 2018-05-12 00:18:22 UTC
CVE-2018-10471
http://openwall.com/lists/oss-security/2018/04/30/2 
A malicious or buggy guest may cause a hypervisor crash, resulting in
a Denial of Service (DoS) affecting the entire host.

CVE-2018-10472
http://openwall.com/lists/oss-security/2018/04/30/1 
An attacker supplying a crafted CDROM image can read any file (or
device node) on the dom0 filesystem with the permissions of the qemu
devicemodel process. (The virtual CDROM device is read-only, so
no data can be written.)


CVE-2018-10981
http://openwall.com/lists/oss-security/2018/05/11/1 
A malicious unprivileged device model can cause a Denial of Service
(DoS) affecting the entire host. Specifically, it may prevent use of a
physical CPU for an indeterminate period of time.


* CVE-2018-10982 *
http://openwall.com/lists/oss-security/2018/05/11/2
A malicious or buggy HVM guest may cause a hypervisor crash, resulting
in a Denial of Service (DoS) affecting the entire host.
- Privilege escalation, or information leaks, cannot be excluded.

Xen has provided patches for each.

Reproducible: Always
Comment 1 D'juan McDonald (domhnall) 2018-06-21 21:43:49 UTC
See also: Bug 655188 

https://xenbits.xen.org/xsa/advisory-262.html Addresses CVE-2018-10981

https://xenbits.xen.org/xsa/advisory-261.html Addresses CVE-2018-10982
Comment 2 Larry the Git Cow gentoo-dev 2018-07-17 11:07:21 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ec669947a76c8f65210a5e57cb1b66eaae18987

commit 2ec669947a76c8f65210a5e57cb1b66eaae18987
Author:     Tomas Mozes <hydrapolic@gmail.com>
AuthorDate: 2018-07-13 16:51:07 +0000
Commit:     Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2018-07-17 11:06:56 +0000

    app-emulation/xen: bump to 4.10.1
    
    Bug: https://bugs.gentoo.org/655544
    Bug: https://bugs.gentoo.org/655188
    Package-Manager: Portage-2.3.42, Repoman-2.3.9

 app-emulation/xen/Manifest          |   2 +
 app-emulation/xen/xen-4.10.1.ebuild | 172 ++++++++++++++++++++++++++++++++++++
 2 files changed, 174 insertions(+)
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2018-09-10 09:53:53 UTC
Added to an existing GLSA.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2018-10-30 21:06:35 UTC
This issue was resolved and addressed in
 GLSA 201810-06 at https://security.gentoo.org/glsa/201810-06
by GLSA coordinator Thomas Deutschmann (whissi).