CVE-2018-19966

HIGH

Xen <4.11.x - DoS

Title source: llm

Description

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.

References (6)

[Third Party Advisory] https://www.debian.org/security/2019/dsa-4369

[Mitigation, Patch, Vendor Advisory] https://xenbits.xen.org/xsa/advisory-280.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106182

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXC6BME7SXJI2ZIATNXCAH7RGPI4UKTT/

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html

[Mailing List] https://lists.debian.org/debian-lts-announce/2019/10/msg00008.html

Scores

CVSS v3 8.8

EPSS 0.0012

EPSS Percentile 31.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-436

Status published

Products (2)

debian/debian_linux 9.0

xen/xen 4.11.0 - 4.11.1

Published Dec 08, 2018

Tracked Since Feb 18, 2026