CVE-2018-15468

MEDIUM Year: 2018
CVSS v3 Score
6.0
Medium
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-863
View all →

Vulnerability Description

An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service.

Related Vulnerabilities

CVE-2022-27608

MEDIUM
CVSS:6.0(Medium)

Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti...

CWE-8632022

CVE-2022-27609

MEDIUM
CVSS:6.0(Medium)

Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could resul...

CWE-8632022

CVE-2024-13947

HIGH
CVSS:6.0(Medium)

Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through...

CWE-8632024

CVE-2019-11724

MEDIUM
CVSS:6.1(Medium)

Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unneces...

CWE-8632019

CVE-2019-25017

MEDIUM
CVSS:5.9(Medium)

An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, th...

CWE-8632019

CVE-2021-20290

MEDIUM
CVSS:6.1(Medium)

An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw ...

CWE-8632021