Vulnerability Description
An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | <= 4.11.0 |
Related Weaknesses (CWE)
References
- http://xenbits.xen.org/xsa/advisory-269.htmlVendor Advisory
- https://security.gentoo.org/glsa/201810-06Third Party Advisory
- http://xenbits.xen.org/xsa/advisory-269.htmlVendor Advisory
- https://security.gentoo.org/glsa/201810-06Third Party Advisory
FAQ
What is CVE-2018-15468?
CVE-2018-15468 is a vulnerability with a CVSS score of 6.0 (MEDIUM). An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtual...
How severe is CVE-2018-15468?
CVE-2018-15468 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-15468?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.