Note:
This project will be discontinued after December 13, 2021. [more]
2018-05-10
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection.
Products | Debian_linux, Xen |
Type | Permissions, Privileges, and Access Controls (CWE-264) |
First patch | - None (likely due to unavailable code) |
Links |
• https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html
• http://www.securityfocus.com/bid/104150 • https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html • https://security.gentoo.org/glsa/201810-06 • http://openwall.com/lists/oss-security/2018/05/08/2 |