CVE-2019-18422

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.

References

http://www.openwall.com/lists/oss-security/2019/10/31/5

http://xenbits.xen.org/xsa/advisory-303.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/

Details

Source: MITRE

Published: 2019-10-31

Updated: 2019-11-17

Type: CWE-732

Risk Information

CVSS v2

Base Score: 8.5

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 6.8

Severity: HIGH

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:xen:xen:*:*:*:*:*:*:arm:* versions up to 4.12.1 (inclusive)

Tenable Plugins

View all (9 total)

IDNameProductFamilySeverity
132875Debian DSA-4602-1 : xen - security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusDebian Local Security Checks
critical
132092SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:3310-1)NessusSuSE Local Security Checks
high
132091SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2019:3309-1)NessusSuSE Local Security Checks
high
132073SUSE SLES12 Security Update : xen (SUSE-SU-2019:3297-1)NessusSuSE Local Security Checks
critical
131460Fedora 30 : xen (2019-cbb732f760)NessusFedora Local Security Checks
critical
131143Fedora 31 : xen (2019-376ec5c107)NessusFedora Local Security Checks
critical
131098Fedora 29 : xen (2019-865bb16900)NessusFedora Local Security Checks
critical
131062openSUSE Security Update : xen (openSUSE-2019-2508)NessusSuSE Local Security Checks
critical
130959SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2019:2961-1)NessusSuSE Local Security Checks
critical