Denial of Service and Privilege Escalation Vulnerability in Linux Kernel through 4.17.11 and Xen through 4.11.x

Denial of Service and Privilege Escalation Vulnerability in Linux Kernel through 4.17.11 and Xen through 4.11.x

CVE-2018-14678 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.