CVE Vulnerabilities

CVE-2018-15470

Uncontrolled Resource Consumption

Published: Aug 17, 2018 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVSS 2.x
4.9 MEDIUM
AV:L/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
6 MODERATE
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Ubuntu
MEDIUM

An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 Operations on data structures of the OCaml manual, the order of evaluation of subexpressions is not specified. In practice, different implementations behave differently. Thus, oxenstored may not enforce the configured quota-maxentity. This allows a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS.

Weakness

The product does not properly control the allocation and maintenance of a limited resource.

Affected Software

Name Vendor Start Version End Version
Xen Xen * 4.11.0 (including)
Xen Ubuntu bionic *
Xen Ubuntu cosmic *
Xen Ubuntu disco *
Xen Ubuntu eoan *
Xen Ubuntu esm-infra/bionic *
Xen Ubuntu esm-infra/xenial *
Xen Ubuntu groovy *
Xen Ubuntu hirsute *
Xen Ubuntu impish *
Xen Ubuntu trusty *
Xen Ubuntu upstream *
Xen Ubuntu xenial *

Potential Mitigations

  • Mitigation of resource exhaustion attacks requires that the target system either:

  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.

  • The second solution is simply difficult to effectively institute – and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.

References