CVE-2019-18424

medium

Description

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.

References

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html

http://www.openwall.com/lists/oss-security/2019/10/31/6

http://xenbits.xen.org/xsa/advisory-302.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/

Details

Source: MITRE

Published: 2019-10-31

Updated: 2019-11-14

Type: CWE-78

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3

Base Score: 6.8

Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 0.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:* versions up to 4.12.1 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150584 | SUSE SLES11 Security Update : xen (SUSE-SU-2020:14444-1) | Nessus | SuSE Local Security Checks | critical |
| 140019 | OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre) | Nessus | OracleVM Local Security Checks | critical |
| 134964 | GLSA-202003-56 : Xen: Multiple vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Gentoo Local Security Checks | critical |
| 133763 | SUSE SLES12 Security Update : xen (SUSE-SU-2020:0388-1) | Nessus | SuSE Local Security Checks | critical |
| 133539 | SUSE SLES12 Security Update : xen (SUSE-SU-2020:0334-1) | Nessus | SuSE Local Security Checks | critical |
| 132875 | Debian DSA-4602-1 : xen - security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Debian Local Security Checks | critical |
| 132092 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:3310-1) | Nessus | SuSE Local Security Checks | high |
| 132073 | SUSE SLES12 Security Update : xen (SUSE-SU-2019:3297-1) | Nessus | SuSE Local Security Checks | critical |
| 131460 | Fedora 30 : xen (2019-cbb732f760) | Nessus | Fedora Local Security Checks | critical |
| 131143 | Fedora 31 : xen (2019-376ec5c107) | Nessus | Fedora Local Security Checks | critical |
| 131098 | Fedora 29 : xen (2019-865bb16900) | Nessus | Fedora Local Security Checks | critical |
| 131062 | openSUSE Security Update : xen (openSUSE-2019-2508) | Nessus | SuSE Local Security Checks | critical |
| 131060 | openSUSE Security Update : xen (openSUSE-2019-2506) | Nessus | SuSE Local Security Checks | critical |
| 131019 | Xen PCI Pass-Through Elevation of Privilege vulnerability (XSA-302) | Nessus | Misc. | medium |
| 130960 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:2962-1) | Nessus | SuSE Local Security Checks | critical |
| 130959 | SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2019:2961-1) | Nessus | SuSE Local Security Checks | critical |
| 130958 | SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2019:2960-1) | Nessus | SuSE Local Security Checks | critical |