CVE-2018-12892

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2018-12892
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2018-07-02 17:29:00 UTC
Updated2019-03-29 16:24:00 UTC
DescriptionAn issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as "sd" in the libxl disk configuration, or an equivalent) are affected. IDE disks ("hd") are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. Only systems using qemu-xen (rather than qemu-xen-traditional) as the device model version are vulnerable. Only systems using libxl or libxl-based toolstacks are vulnerable. (This includes xl, and libvirt with the libxl driver.) The vulnerability is present in Xen versions 4.7 and later. (In earlier versions, provided that the patch for XSA-142 has been applied, attempts to create read only disks are rejected.) If the host and guest together usually support PVHVM, the issue is exploitable only if the malicious guest administrator has control of the guest kernel or guest kernel command line.

Risk And Classification

Problem Types: CWE-200

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Debian Debian Linux 9.0 All All All
Operating System Debian Debian Linux 9.0 All All All
Operating System Xen Xen All All All All

References

ReferenceSourceLinkTags
XSA-266 - Xen Security Advisories CONFIRM xenbits.xen.org Vendor Advisory
Xen: Multiple vulnerabilities (GLSA 201810-06) — Gentoo security GENTOO security.gentoo.org Third Party Advisory
Xen Lets Local Administrative Users on a Guest System Write to Read-Only Disks in Certain Cases - SecurityTracker SECTRACK www.securitytracker.com Third Party Advisory, VDB Entry
Xen CVE-2018-12892 Local Security Bypass Vulnerability BID www.securityfocus.com Third Party Advisory, VDB Entry
oss-security - Xen Security Advisory 266 (CVE-2018-12892) - libxl fails to honour readonly flag on HVM emulated SCSI disks MLIST www.openwall.com Mailing List, Third Party Advisory
Debian -- Security Information -- DSA-4236-1 xen DEBIAN www.debian.org Third Party Advisory
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 500750 Alpine Linux Security Update for xen
  • 504527 Alpine Linux Security Update for xen
  • 710221 Gentoo Linux Xen Multiple Vulnerabilities (GLSA 201810-06)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report