Alpine: multiple xen packages: security update to 4.13.0-r0

critical Tenable Cloud Security Plugin ID 424706

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS
privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV
emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the
emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to
fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would
allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did
not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can
elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected.
Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests
cannot leverage this vulnerability. Arm systems are unaffected. (CVE-2019-18425)

- Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R)
Processors may allow an authenticated user to potentially enable denial of service of the host system via
local access. (CVE-2018-12207)

- TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated
user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)

- An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by
leveraging race conditions in pagetable promotion and demotion operations. There are issues with
restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the
actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables
directly, Xen keeps track of how pages are used using a type system; pages must be "promoted" before being
used as a pagetable, and "demoted" before being used for any other type. Xen also allows for "recursive"
promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be
promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take
an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive
pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains
several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing
guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to
escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM
and PVH guests cannot exercise this vulnerability. (CVE-2019-18421)

- An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or
gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally
unmasked in exception handlers. When an exception occurs on an ARM system which is handled without
changing processor level, some interrupts are unconditionally enabled during exception entry. So
exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious
guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This
could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise
attack technique has not been identified. (CVE-2019-18422)

See Also

https://security.alpinelinux.org/vuln/CVE-2018-12207

https://security.alpinelinux.org/vuln/CVE-2019-11135

https://security.alpinelinux.org/vuln/CVE-2019-18421

https://security.alpinelinux.org/vuln/CVE-2019-18422

https://security.alpinelinux.org/vuln/CVE-2019-18423

https://security.alpinelinux.org/vuln/CVE-2019-18424

https://security.alpinelinux.org/vuln/CVE-2019-18425

https://security.alpinelinux.org/vuln/CVE-2019-19577

https://security.alpinelinux.org/vuln/CVE-2019-19578

https://security.alpinelinux.org/vuln/CVE-2019-19579

https://security.alpinelinux.org/vuln/CVE-2019-19580

https://security.alpinelinux.org/vuln/CVE-2019-19582

https://security.alpinelinux.org/vuln/CVE-2019-19583

Plugin Details

Severity: Critical

ID: 424706

Version: Revision 1.8

Type: Local

Published: 4/4/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 5

Percentile: 95.11

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-18425

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/31/2019

Reference Information

CVE: CVE-2018-12207, CVE-2019-11135, CVE-2019-18421, CVE-2019-18422, CVE-2019-18423, CVE-2019-18424, CVE-2019-18425, CVE-2019-19577, CVE-2019-19578, CVE-2019-19579, CVE-2019-19580, CVE-2019-19582, CVE-2019-19583

IAVB: 2019-B-0084-S, 2019-B-0091-S