CVE-2018-18883

Advisory lineage Upstream: 0 Downstream: 7

Downstream

ALPINE-CVE-2018-18883 DEBIAN-CVE-2018-18883 OPENSUSE-SU-2024:11520-1 SUSE-SU-2018:4070-1 SUSE-SU-2018:4300-1 SUSE-SU-2019:0003-1

Modified

Published: 01 Nov 2018, 00:00

Last modified:05 Aug 2024, 11:23

Vulnerability Summary

Overall Risk (default)

medium

35/100

CVSS Score

8.8 HIGH

v3.0 (nvd)

EPSS Score

0.17% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

01 Nov 2018, 00:00

Published

Vulnerability first disclosed

05 Aug 2024, 11:23

Last Modified

Vulnerability information updated

Description

An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.

CVSS Metrics

v3.0•HIGH•Score: 8.8CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
v2.0•HIGH•Score: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.17%• Percentile: 38%

Techniques & Countermeasures

CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

xen•xen
≥ 4.9.0, ≤ 4.11.0