Vulnerability CVE-2018-15471

Vulnerability Name:

CVE-2018-15471 (CCN-148329)

Assigned:

2018-08-14

Published:

2018-08-14

Updated:

2020-08-24

Summary:

An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks.

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-125

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2018-15471

Source: CCN
Type: The Linux Kernel Archives Web site
The Linux Kernel Archives

Source: CCN
Type: Xen Security Advisory XSA-270
Linux netback driver OOB access in hash handling

Source: MISC
Type: Vendor Advisory
http://xenbits.xen.org/xsa/advisory-270.html

Source: MISC
Type: Third Party Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1607

Source: XF
Type: UNKNOWN
xen-linux-netback-priv-esc(148329)

Source: MLIST
Type: UNKNOWN
[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update

Source: UBUNTU
Type: Third Party Advisory
USN-3819-1

Source: UBUNTU
Type: Third Party Advisory
USN-3820-1

Source: UBUNTU
Type: Third Party Advisory
USN-3820-2

Source: UBUNTU
Type: Third Party Advisory
USN-3820-3

Source: DEBIAN
Type: Third Party Advisory
DSA-4313

Vulnerable Configuration:

Configuration 1:

cpe:/o:xen:xen:*:*:*:*:*:*:*:* (Version <= 4.11.0)

Configuration 2:

cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 4.18.1)

Configuration 3:

cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:3412	P	openldap2-devel-32bit-2.4.46-150200.14.5.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3470	P	cyrus-sasl-bdb-devel-2.1.27-150300.4.6.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3567	P	kernel-default-extra-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3438	P	java-1_8_0-openjdk-1.8.0.322-3.64.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3491	P	libmariadbd-devel-10.6.7-150400.1.4 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3569	P	libZXing1-1.2.0-9.7.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3423	P	perl-doc-5.26.1-150300.17.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3542	P	nodejs16-16.14.1-150400.1.26 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3464	P	apache2-mod_apparmor-3.0.4-150400.3.4 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3528	P	stunnel-5.62-3.14.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3407	P	log4j12-javadoc-1.2.17-4.9.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3445	P	php7-pear-1.10.21-3.6.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3563	P	grilo-lang-0.3.14-150400.1.11 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3420	P	perl-PerlMagick-7.1.0.9-150400.4.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3477	P	frr-7.4-150300.4.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3549	P	PackageKit-gstreamer-plugin-1.2.4-150400.1.11 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3571	P	libavformat58_76-4.4-150400.1.13 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3413	P	osc-0.172.0-3.26.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3570	P	libavcodec-devel-3.4.2-11.17.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3525	P	sca-patterns-sle12-1.5.0-150400.1.4 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3568	P	libEMF1-1.0.13-150400.1.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3404	P	libprotoc20-3.9.2-4.12.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3439	P	libcgroup-devel-0.41.rc1-1.10.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3492	P	libopenvswitch-2_14-0-2.14.2-150400.22.23 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3427	P	rpm-build-4.14.3-150300.46.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3543	P	php-composer2-2.2.3-150400.1.6 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3465	P	apache2-mod_auth_mellon-0.17.0-150200.5.7.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3532	P	uuidd-2.37.2-150400.6.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3411	P	ocaml-hivex-1.3.21-150400.2.10 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3489	P	liblasso3-2.6.1-16.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3564	P	gstreamer-plugins-ugly-1.20.1-150400.1.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3421	P	perl-YAML-LibYAML-0.69-3.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3478	P	gnuplot-5.4.3-150400.1.6 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3573	P	libical-glib-devel-3.0.10-150400.1.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3417	P	perl-DNS-LDNS-1.7.0-4.6.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3574	P	libiso9660-10-0.94-6.9.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3526	P	spice-gtk-devel-0.39-150400.2.13 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3572	P	libgadu-devel-1.12.2-1.44 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3405	P	libtdsodbc0-1.1.36-150400.12.3 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3440	P	libicu60_2-60.2-3.9.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3496	P	libsaml-devel-3.1.0-1.27 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3475	P	erlang-rabbitmq-client-3.8.11-3.3.3 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3544	P	tomcat-9.0.36-150200.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3410	P	ocaml-4.05.0-13.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3466	P	apache2-mod_auth_openidc-2.3.8-3.15.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3566	P	imobiledevice-tools-1.3.0+git.20210921-150400.1.15 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3490	P	libmariadb-devel-3.1.13-3.30.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3565	P	icedtea-web-1.7.2-150100.7.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3422	P	perl-apparmor-3.0.4-150400.3.4 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3482	P	ipmitool-bmc-snmp-proxy-1.8.18.238.gb7adc1d-150400.1.14 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3578	P	libotr-devel-4.1.1-2.3 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3463	P	apache2-devel-2.4.51-150400.4.6 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3527	P	squid-5.4.1-150400.1.16 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3406	P	libtidy-devel-5.4.0-3.2.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3441	P	libncurses5-32bit-6.1-5.9.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3562	P	gnome-shell-calendar-41.4-150400.1.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3476	P	freeradius-server-3.0.25-150400.2.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3545	P	Mesa-dri-nouveau-21.2.4-150400.66.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:4232	P	Security update for MozillaFirefox (Important)	2021-11-19
oval:org.opensuse.security:def:201815471	V	CVE-2018-15471	2021-10-23
oval:org.opensuse.security:def:4228	P	Security update for python (Moderate)	2021-10-20
oval:org.opensuse.security:def:4227	P	Security update for flatpak (Important)	2021-10-20
oval:org.opensuse.security:def:4226	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:4225	P	Security update for libqt5-qtsvg (Moderate)	2021-10-12
oval:org.opensuse.security:def:4216	P	Security update for libaom (Important)	2021-09-09
oval:org.opensuse.security:def:4212	P	Security update for fetchmail (Moderate)	2021-08-20
oval:org.opensuse.security:def:4211	P	Security update for MozillaFirefox (Important)	2021-08-19
oval:org.opensuse.security:def:4209	P	Security update for spice-vdagent (Important)	2021-08-05
oval:org.opensuse.security:def:4210	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:51141	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:51140	P	Security update for openldap2 (Moderate)	2021-01-15
oval:org.opensuse.security:def:51147	P	Security update for openssh (Moderate)	2021-01-05
oval:org.opensuse.security:def:51143	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:51142	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:50958	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:51215	P	Security update for taglib (Low)	2020-12-01
oval:org.opensuse.security:def:52657	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:49922	P	python2-numpy on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50286	P	Recommended update for yast2-ftp-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:50714	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:52599	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:50545	P	Security update for libmspack (Moderate)	2020-12-01
oval:org.opensuse.security:def:51060	P	Security update for runc (Moderate)	2020-12-01
oval:org.opensuse.security:def:51316	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:49943	P	dhcp-relay on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50444	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:51242	P	Security update for djvulibre (Moderate)	2020-12-01
oval:org.opensuse.security:def:49925	P	python2-pyOpenSSL on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51209	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:50708	P	Security update for gcc9 (Moderate)	2020-12-01
oval:org.opensuse.security:def:52593	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:50075	P	librelp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50552	P	Security update for libarchive (Moderate)	2020-12-01
oval:org.opensuse.security:def:51323	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:50441	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:50959	P	Security update for libqt5-qtbase (Moderate)	2020-12-01
oval:org.opensuse.security:def:52658	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:49923	P	python2-paramiko on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50287	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:50546	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:51061	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Moderate)	2020-12-01
oval:org.opensuse.security:def:51317	P	Security update for bluez (Moderate)	2020-12-01
oval:org.opensuse.security:def:49944	P	dovecot23 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50448	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:51243	P	Security update for SDL2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:49929	P	python2-salt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51210	P	Security update for ppp (Important)	2020-12-01
oval:org.opensuse.security:def:50284	P	Security update for cups (Moderate)	2020-12-01
oval:org.opensuse.security:def:50709	P	Security update for libidn2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:52594	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:50076	P	libsaml-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51058	P	Security update for docker-runc (Moderate)	2020-12-01
oval:org.opensuse.security:def:50442	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:50960	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:52659	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:49924	P	python2-pip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50291	P	Security update for qemu (Moderate)	2020-12-01
oval:org.opensuse.security:def:50073	P	libmariadbd-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50547	P	Security update for wavpack (Moderate)	2020-12-01
oval:org.opensuse.security:def:51065	P	Security update for podman (Moderate)	2020-12-01
oval:org.opensuse.security:def:51318	P	Security update for exiv2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:49945	P	dpdk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51244	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:50957	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:51211	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:52656	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:49921	P	python2-libxml2-python on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50285	P	Security update for kernel-firmware (Moderate)	2020-12-01
oval:org.opensuse.security:def:50710	P	Security update for libxml2 (Low)	2020-12-01
oval:org.opensuse.security:def:52595	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:50080	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51059	P	Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate)	2020-12-01
oval:org.opensuse.security:def:49942	P	davfs2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50443	P	Security update for tcpdump (Moderate)	2020-12-01
oval:org.opensuse.security:def:50964	P	Security update for libjpeg-turbo (Moderate)	2020-12-01
oval:org.opensuse.security:def:51241	P	Security update for libopenmpt (Moderate)	2020-12-01
oval:org.opensuse.security:def:52663	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:49928	P	python2-requests on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51208	P	Security update for libexif (Moderate)	2020-12-01
oval:org.opensuse.security:def:50707	P	Security update for cpio (Moderate)	2020-12-01
oval:org.opensuse.security:def:52592	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:50074	P	libosinfo-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50548	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:51319	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:49949	P	gtk-vnc-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51248	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLE (Important)	2020-12-01
oval:com.ubuntu.xenial:def:2018154710000000	V	CVE-2018-15471 on Ubuntu 16.04 LTS (xenial) - high.	2018-08-17
oval:com.ubuntu.bionic:def:201815471000	V	CVE-2018-15471 on Ubuntu 18.04 LTS (bionic) - high.	2018-08-17
oval:com.ubuntu.cosmic:def:201815471000	V	CVE-2018-15471 on Ubuntu 18.10 (cosmic) - high.	2018-08-17
oval:com.ubuntu.cosmic:def:2018154710000000	V	CVE-2018-15471 on Ubuntu 18.10 (cosmic) - high.	2018-08-17
oval:com.ubuntu.trusty:def:201815471000	V	CVE-2018-15471 on Ubuntu 14.04 LTS (trusty) - high.	2018-08-17
oval:com.ubuntu.bionic:def:2018154710000000	V	CVE-2018-15471 on Ubuntu 18.04 LTS (bionic) - high.	2018-08-17
oval:com.ubuntu.xenial:def:201815471000	V	CVE-2018-15471 on Ubuntu 16.04 LTS (xenial) - high.	2018-08-17

BACK