CVE-2018-18883

NameCVE-2018-18883
DescriptionAn issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)buster, buster (security)4.11.4+107-gef32c7afa2-1fixed
bullseye (security), bullseye4.14.5+86-g1c354767d5-1fixed
bookworm, sid4.17.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensourcejessie(not affected)
xensourcestretch(not affected)
xensource(unstable)4.11.1-1

Notes

[stretch] - xen <not-affected> (Only affects 4.9 and later)
[jessie] - xen <not-affected> (Only affects 4.9 and later)
https://xenbits.xen.org/xsa/advisory-278.txt
Search for package or bug name: Reporting problems