Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
xenXen ProjectXSA-274
HistoryJul 25, 2018 - 4:39 p.m.

Linux: Uninitialized state in x86 PV failsafe callback path

2018-07-2516:39:00
Xen Project
xenbits.xen.org
731

0.0004 Low

EPSS

Percentile

5.2%

JSON

ISSUE DESCRIPTION

Linux has a failsafe callback, invoked by Xen under certain conditions. Normally in this failsafe callback, error_entry is paired with error_exit; and error_entry uses %ebx to communicate to error_exit whether to use the user or kernel return path.
Unfortunately, on 64-bit PV Xen on x86, error_exit is called without error_entry being called first, leaving %ebx with an invalid value.

IMPACT

A rogue user-space program could crash a guest kernel. Privilege escalation cannot be ruled out.

VULNERABLE SYSTEMS

Only 64-bit x86 PV Linux systems are vulnerable.
All versions of Linux are vulnerable.

Related

prion 1
redhatcve 1
ubuntucve 1
cve 1
nessus 10
cvelist 1
fedora 37
openvas 46
f5 1
debiancve 1
mageia 3
oraclelinux 2
photon 1
ubuntu 2
cloudfoundry 1
debian 1
ibm 1
prion
prion
Denial of service
2018-07-28 18:29:00
redhatcve
redhatcve
CVE-2018-14678
2018-07-30 02:19:21
ubuntucve
ubuntucve
CVE-2018-14678
2018-07-28 00:00:00
cve
cve
CVE-2018-14678
2018-07-28 18:29:00
nessus
nessus
Fedora 28 : kernel / kernel-headers (2018-cc812838fb)
2019-01-03 00:00:00
RHEL 6 : xen (Unpatched Vulnerability)
2024-05-11 00:00:00
Fedora 27 : kernel / kernel-headers (2018-49bda79bd5)
2018-08-06 00:00:00
cvelist
cvelist
CVE-2018-14678
2018-07-28 18:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: kernel-headers-4.17.11-1.fc27
2018-08-03 19:58:29
[SECURITY] Fedora 28 Update: kernel-headers-4.17.11-1.fc28
2018-08-03 20:51:05
[SECURITY] Fedora 28 Update: kernel-4.17.11-200.fc28
2018-08-03 20:51:04
openvas
openvas
Fedora Update for kernel-headers FEDORA-2018-49bda79bd5
2018-08-04 00:00:00
Fedora Update for kernel-headers FEDORA-2018-cc812838fb
2018-08-04 00:00:00
Mageia: Security Advisory (MGASA-2018-0337)
2022-01-28 00:00:00
f5
f5
K05510205 : Linux kernel vulnerability CVE-2018-14678
2019-01-17 00:00:00
debiancve
debiancve
CVE-2018-14678
2018-07-28 18:29:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2018-08-12 23:39:12
Updated kernel-linus packages fix security vulnerabilities
2018-08-15 18:45:26
Updated kernel-tmb packages fix security vulnerabilities
2018-08-15 18:45:26
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-09-06 00:00:00
Unbreakable Enterprise kernel security update
2018-10-10 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2018-0088
2018-08-28 00:00:00
ubuntu
ubuntu
Linux kernel (HWE) vulnerabilities
2019-04-02 00:00:00
Linux kernel vulnerabilities
2019-04-02 00:00:00
cloudfoundry
cloudfoundry
USN-3931-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
2019-04-12 00:00:00
debian
debian
[SECURITY] [DSA 4308-1] linux security update
2018-10-01 15:21:20
ibm
ibm
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-s, 1801-t and 1801-u
2018-12-05 22:20:01

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for XSA-274
prion1redhatcve1ubuntucve1cve1nessus10cvelist1fedora37openvas46f51debiancve1mageia3oraclelinux2photon1ubuntu2cloudfoundry1debian1ibm1