CVE-2018-15470

Priority
Description
An issue was discovered in Xen through 4.11.x. The logic in oxenstored for
handling writes depended on the order of evaluation of expressions making
up a tuple. As indicated in section 7.7.3 "Operations on data structures"
of the OCaml manual, the order of evaluation of subexpressions is not
specified. In practice, different implementations behave differently. Thus,
oxenstored may not enforce the configured quota-maxentity. This allows a
malicious or buggy guest to write as many xenstore entries as it wishes,
causing unbounded memory usage in oxenstored. This can lead to a
system-wide DoS.
Notes
 mdeslaur> hypervisor packages are in universe. For
 mdeslaur> issues in the hypervisor, add appropriate
 mdeslaur> tags to each section, ex:
 mdeslaur> Tags_xen: universe-binary
Package
Source: xen (LP Ubuntu Debian)
Upstream:released (4.11.1~pre.20180911.5acdd26fdc+dfsg-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support
More Information

Updated: 2019-09-19 14:44:57 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)