CVE-2019-17344

MEDIUM

Xen < 4.11.2 - Denial of Service

Title source: rule

Description

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.

References (5)

[Vendor Advisory] http://xenbits.xen.org/xsa/advisory-290.html

[Mitigation, Patch, Vendor Advisory] https://xenbits.xen.org/xsa/advisory-290.html

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2019/10/25/3

[Third Party Advisory] https://www.debian.org/security/2020/dsa-4602

[Mailing List, Third Party Advisory] https://seclists.org/bugtraq/2020/Jan/21

Scores

CVSS v3 6.5

EPSS 0.0015

EPSS Percentile 34.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Details

CWE

CWE-662

Status published

Products (3)

debian/debian_linux 9.0

debian/debian_linux 10.0

xen/xen < 4.11.2

Published Oct 08, 2019

Tracked Since Feb 18, 2026