CVE-2019-18422

HIGH

Xen <4.12.x - DoS/Privilege Escalation

Title source: llm

Description

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However, a precise attack technique has not been identified.

References (7)

Core References
Patch, Vendor Advisory x_refsource_misc
http://xenbits.xen.org/xsa/advisory-303.html
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/10/31/5
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4602
Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2020/Jan/21

Scores

CVSS v3 8.8
EPSS 0.0347
EPSS Percentile 87.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-732
Status published
Products (6)
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 29
fedoraproject/fedora 30
fedoraproject/fedora 31
xen/xen < 4.12.1
Published Oct 31, 2019
Tracked Since Feb 18, 2026