{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-01-05T00:00:00", "descriptions": [{"lang": "en", "value": "In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201810-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201810-06"}, {"name": "102433", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102433"}, {"name": "1040774", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040774"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://xenbits.xen.org/xsa/advisory-253.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5244", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201810-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201810-06"}, {"name": "102433", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102433"}, {"name": "1040774", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040774"}, {"name": "https://xenbits.xen.org/xsa/advisory-253.html", "refsource": "CONFIRM", "url": "https://xenbits.xen.org/xsa/advisory-253.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:33:43.746Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201810-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201810-06"}, {"name": "102433", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102433"}, {"name": "1040774", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040774"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://xenbits.xen.org/xsa/advisory-253.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-5244", "datePublished": "2018-01-05T18:00:00", "dateReserved": "2018-01-05T00:00:00", "dateUpdated": "2024-08-05T05:33:43.746Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0060574-66EE-413D-9C6B-197AF1164EC9", "versionStartIncluding": "4.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times."}, {"lang": "es", "value": "En Xen 4.10, se introdujo una nueva infraestructura como parte de una revisi\u00f3n de c\u00f3mo ocurre la emulaci\u00f3n MSR para los invitados. Desafortunadamente, no se libera una estructura de rastreo cuando se destruye una vcpu. Esto permite que administradores invitados del sistema operativo provoquen una denegaci\u00f3n de servicio (consumo de memoria del sistema operativo del host) reiniciando muchas veces."}], "id": "CVE-2018-5244", "lastModified": "2018-10-31T10:32:20.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-05T18:29:00.247", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102433"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1040774"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201810-06"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "url": "https://xenbits.xen.org/xsa/advisory-253.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Andrew Cooper (Citrix) as the original reporter.", "bugzilla": {"description": "xen: memory leak with MSR emulation (XSA-253)", "id": "1528602", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528602"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.8", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-400", "details": ["In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times."], "name": "CVE-2018-5244", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2018-01-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-5244\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5244"], "threat_severity": "Moderate"}