Vulnerability Description
In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | >= 4.10.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102433Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040774
- https://security.gentoo.org/glsa/201810-06
- https://xenbits.xen.org/xsa/advisory-253.htmlIssue TrackingMitigationVendor Advisory
- http://www.securityfocus.com/bid/102433Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040774
- https://security.gentoo.org/glsa/201810-06
- https://xenbits.xen.org/xsa/advisory-253.htmlIssue TrackingMitigationVendor Advisory
FAQ
What is CVE-2018-5244?
CVE-2018-5244 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows g...
How severe is CVE-2018-5244?
CVE-2018-5244 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-5244?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.