CVE-2018-12893

Priority
Description
An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260
added some safety checks to help prevent Xen livelocking with debug
exceptions. Unfortunately, due to an oversight, at least one of these
safety checks can be triggered by a guest. A malicious PV guest can crash
Xen, leading to a Denial of Service. All Xen systems which have applied the
XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems
are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86
HVM and PVH guests cannot exploit the vulnerability. An attacker needs to
be able to control hardware debugging facilities to exploit the
vulnerability, but such permissions are typically available to unprivileged
users.
Notes
 mdeslaur> hypervisor packages are in universe. For
 mdeslaur> issues in the hypervisor, add appropriate
 mdeslaur> tags to each section, ex:
 mdeslaur> Tags_xen: universe-binary
Package
Source: xen (LP Ubuntu Debian)
Upstream:released (4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support
More Information

Updated: 2019-08-23 07:51:11 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)