Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-18425 (GCVE-0-2019-18425)
Vulnerability from cvelistv5 – Published: 2019-10-31 13:39 – Updated: 2024-08-05 01:54
VLAI?
EPSS
Summary
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://xenbits.xen.org/xsa/advisory-298.html | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2019/10/31/2 | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.debian.org/security/2020/dsa-4602 | vendor-advisoryx_refsource_DEBIAN |
| https://seclists.org/bugtraq/2020/Jan/21 | mailing-listx_refsource_BUGTRAQ |
| https://security.gentoo.org/glsa/202003-56 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-298.html"
},
{
"name": "[oss-security] 20191031 Xen Security Advisory 298 v3 (CVE-2019-18425) - missing descriptor table limit checking in x86 PV emulation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/31/2"
},
{
"name": "openSUSE-SU-2019:2506",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html"
},
{
"name": "FEDORA-2019-865bb16900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/"
},
{
"name": "FEDORA-2019-376ec5c107",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/"
},
{
"name": "FEDORA-2019-cbb732f760",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T14:06:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xenbits.xen.org/xsa/advisory-298.html"
},
{
"name": "[oss-security] 20191031 Xen Security Advisory 298 v3 (CVE-2019-18425) - missing descriptor table limit checking in x86 PV emulation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/31/2"
},
{
"name": "openSUSE-SU-2019:2506",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html"
},
{
"name": "FEDORA-2019-865bb16900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/"
},
{
"name": "FEDORA-2019-376ec5c107",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/"
},
{
"name": "FEDORA-2019-cbb732f760",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-56"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-298.html",
"refsource": "MISC",
"url": "http://xenbits.xen.org/xsa/advisory-298.html"
},
{
"name": "[oss-security] 20191031 Xen Security Advisory 298 v3 (CVE-2019-18425) - missing descriptor table limit checking in x86 PV emulation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/31/2"
},
{
"name": "openSUSE-SU-2019:2506",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html"
},
{
"name": "FEDORA-2019-865bb16900",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/"
},
{
"name": "FEDORA-2019-376ec5c107",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/"
},
{
"name": "FEDORA-2019-cbb732f760",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18425",
"datePublished": "2019-10-31T13:39:17.000Z",
"dateReserved": "2019-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:54:14.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-18425",
"date": "2026-05-24",
"epss": "0.04874",
"percentile": "0.89679"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*\", \"versionEndIncluding\": \"4.12.1\", \"matchCriteriaId\": \"18F9F58D-58A0-4356-AB70-E5ACF913BFCA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D100F7CE-FC64-4CC6-852A-6136D72DA419\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1E78106-58E6-4D59-990F-75DA575BFAD9\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en Xen versiones hasta 4.12.x, permitiendo a usuarios del SO invitado de PV de 32 bits alcanzar privilegios del SO invitado mediante la instalaci\\u00f3n y el uso de descriptores. Se presenta una falta la comprobaci\\u00f3n de l\\u00edmite de la tabla descriptor en la emulaci\\u00f3n PV x86. Al emular determinadas operaciones de invitados PV, el c\\u00f3digo de emulaci\\u00f3n realiza los accesos a la tabla de descriptores. Dichos accesos deben respetar los l\\u00edmites especificados por parte del invitado, a menos que se garantice que fallen en tal caso. Sin esto, la emulaci\\u00f3n de llamadas de modo de usuario invitado de 32 bits por medio de las puertas de llamada permitir\\u00eda la instalaci\\u00f3n del modo de usuario invitado y luego usar\\u00eda los descriptores de su elecci\\u00f3n, siempre que el kernel invitado no instalara un LDT. (La mayor\\u00eda de los sistemas operativos no instalan ning\\u00fan LDT por defecto). El modo de usuario invitado PV de 32 bits puede elevar sus privilegios a los del kernel invitado. Las versiones de Xen de por lo menos 3.2 en adelante est\\u00e1n afectadas. Solo el modo de usuario invitado PV de 32 bits puede aprovechar esta vulnerabilidad. HVM, PVH, as\\u00ed como los invitados PV de 64 bits no pueden explotar esta vulnerabilidad. Los sistemas ARM no est\\u00e1n afectados.\"}]",
"id": "CVE-2019-18425",
"lastModified": "2024-11-21T04:33:14.447",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-10-31T14:15:12.150",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/10/31/2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-298.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://seclists.org/bugtraq/2020/Jan/21\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-56\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4602\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2019/10/31/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-298.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2020/Jan/21\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-56\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4602\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-18425\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-10-31T14:15:12.150\",\"lastModified\":\"2024-11-21T04:33:14.447\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Xen versiones hasta 4.12.x, permitiendo a usuarios del SO invitado de PV de 32 bits alcanzar privilegios del SO invitado mediante la instalaci\u00f3n y el uso de descriptores. Se presenta una falta la comprobaci\u00f3n de l\u00edmite de la tabla descriptor en la emulaci\u00f3n PV x86. Al emular determinadas operaciones de invitados PV, el c\u00f3digo de emulaci\u00f3n realiza los accesos a la tabla de descriptores. Dichos accesos deben respetar los l\u00edmites especificados por parte del invitado, a menos que se garantice que fallen en tal caso. Sin esto, la emulaci\u00f3n de llamadas de modo de usuario invitado de 32 bits por medio de las puertas de llamada permitir\u00eda la instalaci\u00f3n del modo de usuario invitado y luego usar\u00eda los descriptores de su elecci\u00f3n, siempre que el kernel invitado no instalara un LDT. (La mayor\u00eda de los sistemas operativos no instalan ning\u00fan LDT por defecto). El modo de usuario invitado PV de 32 bits puede elevar sus privilegios a los del kernel invitado. Las versiones de Xen de por lo menos 3.2 en adelante est\u00e1n afectadas. Solo el modo de usuario invitado PV de 32 bits puede aprovechar esta vulnerabilidad. HVM, PVH, as\u00ed como los invitados PV de 64 bits no pueden explotar esta vulnerabilidad. Los sistemas ARM no est\u00e1n afectados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*\",\"versionEndIncluding\":\"4.12.1\",\"matchCriteriaId\":\"18F9F58D-58A0-4356-AB70-E5ACF913BFCA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/31/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-298.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/21\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-56\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4602\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/10/31/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-298.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-56\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4602\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2019-AVI-541
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Xen . Elles permettent à un attaquant de provoquer un déni de service et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Se référer au bulletin de sécurité de l'éditeur pour vérifier si vos systèmes sont vulnérables (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour v\u00e9rifier si vos syst\u00e8mes sont vuln\u00e9rables (cf. section Documentation).\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-18425",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18425"
},
{
"name": "CVE-2019-18420",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18420"
},
{
"name": "CVE-2019-18421",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18421"
},
{
"name": "CVE-2019-18422",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18422"
},
{
"name": "CVE-2019-18423",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18423"
},
{
"name": "CVE-2019-18424",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18424"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-541",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-10-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Xen . Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen 298 du 31 octobre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-298.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen 296 du 31 octobre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-296.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen 299 du 31 octobre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-299.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen 301 du 31 octobre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-301.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen 303 du 31 octobre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-303.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen 302 du 31 octobre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-302.html"
}
]
}
CERTFR-2019-AVI-543
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Citrix. Elles permettent à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "XenServer 7.6",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "XenServer 7.1 LTSR Cumulative Update 2",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "XenServer 7.0",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor 8.0",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-18425",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18425"
},
{
"name": "CVE-2019-18420",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18420"
},
{
"name": "CVE-2019-18421",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18421"
},
{
"name": "CVE-2019-18424",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18424"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-543",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-11-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix. Elles\npermettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Citrix du 31 octobre 2019",
"url": "https://support.citrix.com/article/CTX263477"
}
]
}
CERTFR-2019-AVI-541
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Xen . Elles permettent à un attaquant de provoquer un déni de service et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Se référer au bulletin de sécurité de l'éditeur pour vérifier si vos systèmes sont vulnérables (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour v\u00e9rifier si vos syst\u00e8mes sont vuln\u00e9rables (cf. section Documentation).\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-18425",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18425"
},
{
"name": "CVE-2019-18420",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18420"
},
{
"name": "CVE-2019-18421",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18421"
},
{
"name": "CVE-2019-18422",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18422"
},
{
"name": "CVE-2019-18423",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18423"
},
{
"name": "CVE-2019-18424",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18424"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-541",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-10-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Xen . Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen 298 du 31 octobre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-298.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen 296 du 31 octobre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-296.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen 299 du 31 octobre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-299.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen 301 du 31 octobre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-301.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen 303 du 31 octobre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-303.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen 302 du 31 octobre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-302.html"
}
]
}
CERTFR-2019-AVI-543
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Citrix. Elles permettent à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "XenServer 7.6",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "XenServer 7.1 LTSR Cumulative Update 2",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "XenServer 7.0",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor 8.0",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-18425",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18425"
},
{
"name": "CVE-2019-18420",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18420"
},
{
"name": "CVE-2019-18421",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18421"
},
{
"name": "CVE-2019-18424",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18424"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-543",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-11-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix. Elles\npermettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Citrix du 31 octobre 2019",
"url": "https://support.citrix.com/article/CTX263477"
}
]
}
BDU:2020-01423
Vulnerability from fstec - Published: 31.10.2019
VLAI Severity ?
Title
Уязвимость гипервизора Xen, связанная с небезопасным управлением привилегиями, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Description
Уязвимость гипервизора Xen связана с ошибкой эмуляции PV x86, в которой отсутствует проверка лимита таблицы дескрипторов . Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Fedora Project, Novell Inc., The Linux Foundation, АО «Концерн ВНИИНС»
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Fedora, OpenSUSE Leap, Xen, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 29 (Fedora), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 30 (Fedora), 8 (Debian GNU/Linux), 31 (Fedora), до 4.12.1 включительно (Xen), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для Xen:
http://xenbits.xen.org/xsa/advisory-298.html
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2019-18425
Для Astra Linux:
https://wiki.astralinux.ru/pages/viewpage.action?pageId=71831011
Для Fedora Project:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/
Для программных продуктов Novell Inc.:
https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html
Для ОС ОН «Стрелец»:
Обновление программного обеспечения xen до версии 4.8.5.final+shim4.10.4-1+deb9u12
Reference
http://xenbits.xen.org/xsa/advisory-298.html
https://nvd.nist.gov/vuln/detail/CVE-2019-18425
https://security-tracker.debian.org/tracker/CVE-2019-18425
https://wiki.astralinux.ru/pages/viewpage.action?pageId=71831011
https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
CWE
CWE-269
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Fedora Project, Novell Inc., The Linux Foundation, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 29 (Fedora), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 30 (Fedora), 8 (Debian GNU/Linux), 31 (Fedora), \u0434\u043e 4.12.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Xen), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Xen:\nhttp://xenbits.xen.org/xsa/advisory-298.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2019-18425\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=71831011\n\n\u0414\u043b\u044f Fedora Project:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f xen \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 4.8.5.final+shim4.10.4-1+deb9u12",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "31.10.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.04.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01423",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-18425",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Fedora, OpenSUSE Leap, Xen, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Fedora Project Fedora 29 , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. OpenSUSE Leap 15.1 , Fedora Project Fedora 30 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Fedora Project Fedora 31 , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u0430 Xen, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 (CWE-269)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u0430 Xen \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u044d\u043c\u0443\u043b\u044f\u0446\u0438\u0438 PV x86, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043b\u0438\u043c\u0438\u0442\u0430 \u0442\u0430\u0431\u043b\u0438\u0446\u044b \u0434\u0435\u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0440\u043e\u0432 . \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://xenbits.xen.org/xsa/advisory-298.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18425\nhttps://security-tracker.debian.org/tracker/CVE-2019-18425\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=71831011\nhttps://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-269",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
FKIE_CVE-2019-18425
Vulnerability from fkie_nvd - Published: 2019-10-31 14:15 - Updated: 2024-11-21 04:33
Severity ?
Summary
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xen | xen | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| opensuse | leap | 15.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "18F9F58D-58A0-4356-AB70-E5ACF913BFCA",
"versionEndIncluding": "4.12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Xen versiones hasta 4.12.x, permitiendo a usuarios del SO invitado de PV de 32 bits alcanzar privilegios del SO invitado mediante la instalaci\u00f3n y el uso de descriptores. Se presenta una falta la comprobaci\u00f3n de l\u00edmite de la tabla descriptor en la emulaci\u00f3n PV x86. Al emular determinadas operaciones de invitados PV, el c\u00f3digo de emulaci\u00f3n realiza los accesos a la tabla de descriptores. Dichos accesos deben respetar los l\u00edmites especificados por parte del invitado, a menos que se garantice que fallen en tal caso. Sin esto, la emulaci\u00f3n de llamadas de modo de usuario invitado de 32 bits por medio de las puertas de llamada permitir\u00eda la instalaci\u00f3n del modo de usuario invitado y luego usar\u00eda los descriptores de su elecci\u00f3n, siempre que el kernel invitado no instalara un LDT. (La mayor\u00eda de los sistemas operativos no instalan ning\u00fan LDT por defecto). El modo de usuario invitado PV de 32 bits puede elevar sus privilegios a los del kernel invitado. Las versiones de Xen de por lo menos 3.2 en adelante est\u00e1n afectadas. Solo el modo de usuario invitado PV de 32 bits puede aprovechar esta vulnerabilidad. HVM, PVH, as\u00ed como los invitados PV de 64 bits no pueden explotar esta vulnerabilidad. Los sistemas ARM no est\u00e1n afectados."
}
],
"id": "CVE-2019-18425",
"lastModified": "2024-11-21T04:33:14.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-31T14:15:12.150",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/31/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-298.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-56"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/31/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-298.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-56"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-WFCX-XXHX-657G
Vulnerability from github – Published: 2022-05-24 22:01 – Updated: 2023-03-29 18:30
VLAI?
Details
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2019-18425"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-31T14:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.",
"id": "GHSA-wfcx-xxhx-657g",
"modified": "2023-03-29T18:30:28Z",
"published": "2022-05-24T22:01:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18425"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-56"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/10/31/2"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-298.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2019-18425
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-18425",
"description": "An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.",
"id": "GSD-2019-18425",
"references": [
"https://www.suse.com/security/cve/CVE-2019-18425.html",
"https://www.debian.org/security/2020/dsa-4602",
"https://advisories.mageia.org/CVE-2019-18425.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-18425"
],
"details": "An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.",
"id": "GSD-2019-18425",
"modified": "2023-12-13T01:23:50.187483Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-298.html",
"refsource": "MISC",
"url": "http://xenbits.xen.org/xsa/advisory-298.html"
},
{
"name": "[oss-security] 20191031 Xen Security Advisory 298 v3 (CVE-2019-18425) - missing descriptor table limit checking in x86 PV emulation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/31/2"
},
{
"name": "openSUSE-SU-2019:2506",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html"
},
{
"name": "FEDORA-2019-865bb16900",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/"
},
{
"name": "FEDORA-2019-376ec5c107",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/"
},
{
"name": "FEDORA-2019-cbb732f760",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
"cpe_name": [],
"versionEndIncluding": "4.12.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18425"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-298.html",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-298.html"
},
{
"name": "[oss-security] 20191031 Xen Security Advisory 298 v3 (CVE-2019-18425) - missing descriptor table limit checking in x86 PV emulation",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/31/2"
},
{
"name": "openSUSE-SU-2019:2506",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html"
},
{
"name": "FEDORA-2019-865bb16900",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/"
},
{
"name": "FEDORA-2019-376ec5c107",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/"
},
{
"name": "FEDORA-2019-cbb732f760",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-03-29T18:20Z",
"publishedDate": "2019-10-31T14:15Z"
}
}
}
OPENSUSE-SU-2019:2506-1
Vulnerability from csaf_opensuse - Published: 2019-11-14 05:54 - Updated: 2019-11-14 05:54Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race
condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine
Exception during Page Size Change, causing the CPU core to be non-functional.
(bsc#1155945)
- CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with
Transactional Memory support could be used to facilitate sidechannel
information leaks out of microarchitectural buffers, similar to the
previously described 'Microarchitectural Data Sampling' attack. (bsc#1152497).
- CVE-2019-18425: 32-bit PV guest user mode could elevate its privileges to that
of the guest kernel. (bsc#1154456).
- CVE-2019-18421: A malicious PV guest administrator may have been able to
escalate their privilege to that of the host. (bsc#1154458).
- CVE-2019-18420: Malicious x86 PV guests may have caused a hypervisor crash,
resulting in a Denial of Service (Dos). (bsc#1154448)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2506
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.2 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.6 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
42 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race\n condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine\n Exception during Page Size Change, causing the CPU core to be non-functional.\n (bsc#1155945)\n- CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with\n Transactional Memory support could be used to facilitate sidechannel\n information leaks out of microarchitectural buffers, similar to the\n previously described \u0027Microarchitectural Data Sampling\u0027 attack. (bsc#1152497).\n- CVE-2019-18425: 32-bit PV guest user mode could elevate its privileges to that \n of the guest kernel. (bsc#1154456).\n- CVE-2019-18421: A malicious PV guest administrator may have been able to\n escalate their privilege to that of the host. (bsc#1154458).\n- CVE-2019-18420: Malicious x86 PV guests may have caused a hypervisor crash, \n resulting in a Denial of Service (Dos). (bsc#1154448)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2506",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2506-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2506-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/R6YJ2KCZGK5VBSLWES67ERVZEO724CJC/#R6YJ2KCZGK5VBSLWES67ERVZEO724CJC"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2506-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/R6YJ2KCZGK5VBSLWES67ERVZEO724CJC/#R6YJ2KCZGK5VBSLWES67ERVZEO724CJC"
},
{
"category": "self",
"summary": "SUSE Bug 1152497",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "self",
"summary": "SUSE Bug 1154448",
"url": "https://bugzilla.suse.com/1154448"
},
{
"category": "self",
"summary": "SUSE Bug 1154456",
"url": "https://bugzilla.suse.com/1154456"
},
{
"category": "self",
"summary": "SUSE Bug 1154458",
"url": "https://bugzilla.suse.com/1154458"
},
{
"category": "self",
"summary": "SUSE Bug 1154461",
"url": "https://bugzilla.suse.com/1154461"
},
{
"category": "self",
"summary": "SUSE Bug 1155945",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12207 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18420 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18421 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18424 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18425 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18425/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-11-14T05:54:33Z",
"generator": {
"date": "2019-11-14T05:54:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2506-1",
"initial_release_date": "2019-11-14T05:54:33Z",
"revision_history": [
{
"date": "2019-11-14T05:54:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.10.4_06-lp150.2.25.1.i586",
"product": {
"name": "xen-devel-4.10.4_06-lp150.2.25.1.i586",
"product_id": "xen-devel-4.10.4_06-lp150.2.25.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.10.4_06-lp150.2.25.1.i586",
"product": {
"name": "xen-libs-4.10.4_06-lp150.2.25.1.i586",
"product_id": "xen-libs-4.10.4_06-lp150.2.25.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"product": {
"name": "xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"product_id": "xen-tools-domU-4.10.4_06-lp150.2.25.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.10.4_06-lp150.2.25.1.x86_64",
"product": {
"name": "xen-4.10.4_06-lp150.2.25.1.x86_64",
"product_id": "xen-4.10.4_06-lp150.2.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"product": {
"name": "xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"product_id": "xen-devel-4.10.4_06-lp150.2.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"product": {
"name": "xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"product_id": "xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"product": {
"name": "xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"product_id": "xen-libs-4.10.4_06-lp150.2.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"product_id": "xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"product": {
"name": "xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"product_id": "xen-tools-4.10.4_06-lp150.2.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64",
"product": {
"name": "xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64",
"product_id": "xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.10.4_06-lp150.2.25.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64"
},
"product_reference": "xen-4.10.4_06-lp150.2.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.10.4_06-lp150.2.25.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586"
},
"product_reference": "xen-devel-4.10.4_06-lp150.2.25.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.10.4_06-lp150.2.25.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64"
},
"product_reference": "xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64"
},
"product_reference": "xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.10.4_06-lp150.2.25.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586"
},
"product_reference": "xen-libs-4.10.4_06-lp150.2.25.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.10.4_06-lp150.2.25.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64"
},
"product_reference": "xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.10.4_06-lp150.2.25.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64"
},
"product_reference": "xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.10.4_06-lp150.2.25.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586"
},
"product_reference": "xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
},
"product_reference": "xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12207"
}
],
"notes": [
{
"category": "general",
"text": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12207",
"url": "https://www.suse.com/security/cve/CVE-2018-12207"
},
{
"category": "external",
"summary": "SUSE Bug 1117665 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1155812 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "external",
"summary": "SUSE Bug 1155817 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155817"
},
{
"category": "external",
"summary": "SUSE Bug 1155945 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T05:54:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-12207"
},
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T05:54:33Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2019-18420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18420"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18420",
"url": "https://www.suse.com/security/cve/CVE-2019-18420"
},
{
"category": "external",
"summary": "SUSE Bug 1154448 for CVE-2019-18420",
"url": "https://bugzilla.suse.com/1154448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T05:54:33Z",
"details": "important"
}
],
"title": "CVE-2019-18420"
},
{
"cve": "CVE-2019-18421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18421"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be \"promoted\" before being used as a pagetable, and \"demoted\" before being used for any other type. Xen also allows for \"recursive\" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18421",
"url": "https://www.suse.com/security/cve/CVE-2019-18421"
},
{
"category": "external",
"summary": "SUSE Bug 1154458 for CVE-2019-18421",
"url": "https://bugzilla.suse.com/1154458"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-18421",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T05:54:33Z",
"details": "important"
}
],
"title": "CVE-2019-18421"
},
{
"cve": "CVE-2019-18424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18424"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18424",
"url": "https://www.suse.com/security/cve/CVE-2019-18424"
},
{
"category": "external",
"summary": "SUSE Bug 1154461 for CVE-2019-18424",
"url": "https://bugzilla.suse.com/1154461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T05:54:33Z",
"details": "important"
}
],
"title": "CVE-2019-18424"
},
{
"cve": "CVE-2019-18425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18425"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18425",
"url": "https://www.suse.com/security/cve/CVE-2019-18425"
},
{
"category": "external",
"summary": "SUSE Bug 1154456 for CVE-2019-18425",
"url": "https://bugzilla.suse.com/1154456"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-18425",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:xen-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-devel-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-doc-html-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-32bit-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-libs-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-4.10.4_06-lp150.2.25.1.x86_64",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.i586",
"openSUSE Leap 15.0:xen-tools-domU-4.10.4_06-lp150.2.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-14T05:54:33Z",
"details": "important"
}
],
"title": "CVE-2019-18425"
}
]
}
SUSE-SU-2019:2960-1
Vulnerability from csaf_suse - Published: 2019-11-12 18:17 - Updated: 2019-11-12 18:17Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race
condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine
Exception during Page Size Change, causing the CPU core to be non-functional.
(bsc#1155945)
- CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with
Transactional Memory support could be used to facilitate sidechannel
information leaks out of microarchitectural buffers, similar to the
previously described 'Microarchitectural Data Sampling' attack. (bsc#1152497).
- CVE-2019-18425: 32-bit PV guest user mode could elevate its privileges to that
of the guest kernel. (bsc#1154456).
- CVE-2019-18421: A malicious PV guest administrator may have been able to
escalate their privilege to that of the host. (bsc#1154458).
- CVE-2019-18420: Malicious x86 PV guests may have caused a hypervisor crash,
resulting in a Denial of Service (Dos). (bsc#1154448)
Patchnames: SUSE-2019-2960,SUSE-SLE-Module-Basesystem-15-2019-2960,SUSE-SLE-Module-Server-Applications-15-2019-2960
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.2 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.6 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
42 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race\n condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine\n Exception during Page Size Change, causing the CPU core to be non-functional.\n (bsc#1155945)\n- CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with\n Transactional Memory support could be used to facilitate sidechannel\n information leaks out of microarchitectural buffers, similar to the\n previously described \u0027Microarchitectural Data Sampling\u0027 attack. (bsc#1152497).\n- CVE-2019-18425: 32-bit PV guest user mode could elevate its privileges to that \n of the guest kernel. (bsc#1154456).\n- CVE-2019-18421: A malicious PV guest administrator may have been able to\n escalate their privilege to that of the host. (bsc#1154458).\n- CVE-2019-18420: Malicious x86 PV guests may have caused a hypervisor crash, \n resulting in a Denial of Service (Dos). (bsc#1154448)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2960,SUSE-SLE-Module-Basesystem-15-2019-2960,SUSE-SLE-Module-Server-Applications-15-2019-2960",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2960-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2960-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192960-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2960-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-November/006133.html"
},
{
"category": "self",
"summary": "SUSE Bug 1152497",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "self",
"summary": "SUSE Bug 1154448",
"url": "https://bugzilla.suse.com/1154448"
},
{
"category": "self",
"summary": "SUSE Bug 1154456",
"url": "https://bugzilla.suse.com/1154456"
},
{
"category": "self",
"summary": "SUSE Bug 1154458",
"url": "https://bugzilla.suse.com/1154458"
},
{
"category": "self",
"summary": "SUSE Bug 1154461",
"url": "https://bugzilla.suse.com/1154461"
},
{
"category": "self",
"summary": "SUSE Bug 1155945",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12207 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11135 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18420 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18421 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18424 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18425 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18425/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2019-11-12T18:17:19Z",
"generator": {
"date": "2019-11-12T18:17:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2960-1",
"initial_release_date": "2019-11-12T18:17:19Z",
"revision_history": [
{
"date": "2019-11-12T18:17:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.10.4_06-3.25.1.aarch64",
"product": {
"name": "xen-4.10.4_06-3.25.1.aarch64",
"product_id": "xen-4.10.4_06-3.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.10.4_06-3.25.1.aarch64",
"product": {
"name": "xen-devel-4.10.4_06-3.25.1.aarch64",
"product_id": "xen-devel-4.10.4_06-3.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.10.4_06-3.25.1.aarch64",
"product": {
"name": "xen-doc-html-4.10.4_06-3.25.1.aarch64",
"product_id": "xen-doc-html-4.10.4_06-3.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.10.4_06-3.25.1.aarch64",
"product": {
"name": "xen-libs-4.10.4_06-3.25.1.aarch64",
"product_id": "xen-libs-4.10.4_06-3.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.10.4_06-3.25.1.aarch64",
"product": {
"name": "xen-tools-4.10.4_06-3.25.1.aarch64",
"product_id": "xen-tools-4.10.4_06-3.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.10.4_06-3.25.1.aarch64",
"product": {
"name": "xen-tools-domU-4.10.4_06-3.25.1.aarch64",
"product_id": "xen-tools-domU-4.10.4_06-3.25.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.10.4_06-3.25.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.10.4_06-3.25.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.10.4_06-3.25.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.10.4_06-3.25.1.i586",
"product": {
"name": "xen-devel-4.10.4_06-3.25.1.i586",
"product_id": "xen-devel-4.10.4_06-3.25.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.10.4_06-3.25.1.i586",
"product": {
"name": "xen-libs-4.10.4_06-3.25.1.i586",
"product_id": "xen-libs-4.10.4_06-3.25.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.10.4_06-3.25.1.i586",
"product": {
"name": "xen-tools-domU-4.10.4_06-3.25.1.i586",
"product_id": "xen-tools-domU-4.10.4_06-3.25.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.10.4_06-3.25.1.x86_64",
"product": {
"name": "xen-4.10.4_06-3.25.1.x86_64",
"product_id": "xen-4.10.4_06-3.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.10.4_06-3.25.1.x86_64",
"product": {
"name": "xen-devel-4.10.4_06-3.25.1.x86_64",
"product_id": "xen-devel-4.10.4_06-3.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.10.4_06-3.25.1.x86_64",
"product": {
"name": "xen-doc-html-4.10.4_06-3.25.1.x86_64",
"product_id": "xen-doc-html-4.10.4_06-3.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.10.4_06-3.25.1.x86_64",
"product": {
"name": "xen-libs-4.10.4_06-3.25.1.x86_64",
"product_id": "xen-libs-4.10.4_06-3.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.10.4_06-3.25.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.10.4_06-3.25.1.x86_64",
"product_id": "xen-libs-32bit-4.10.4_06-3.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.10.4_06-3.25.1.x86_64",
"product": {
"name": "xen-tools-4.10.4_06-3.25.1.x86_64",
"product_id": "xen-tools-4.10.4_06-3.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"product": {
"name": "xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"product_id": "xen-tools-domU-4.10.4_06-3.25.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.10.4_06-3.25.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64"
},
"product_reference": "xen-libs-4.10.4_06-3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.10.4_06-3.25.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64"
},
"product_reference": "xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.10.4_06-3.25.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64"
},
"product_reference": "xen-4.10.4_06-3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.10.4_06-3.25.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64"
},
"product_reference": "xen-devel-4.10.4_06-3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.10.4_06-3.25.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
},
"product_reference": "xen-tools-4.10.4_06-3.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12207"
}
],
"notes": [
{
"category": "general",
"text": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12207",
"url": "https://www.suse.com/security/cve/CVE-2018-12207"
},
{
"category": "external",
"summary": "SUSE Bug 1117665 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1117665"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1155812 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155812"
},
{
"category": "external",
"summary": "SUSE Bug 1155817 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155817"
},
{
"category": "external",
"summary": "SUSE Bug 1155945 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1155945"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-12207",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:17:19Z",
"details": "moderate"
}
],
"title": "CVE-2018-12207"
},
{
"cve": "CVE-2019-11135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11135"
}
],
"notes": [
{
"category": "general",
"text": "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11135",
"url": "https://www.suse.com/security/cve/CVE-2019-11135"
},
{
"category": "external",
"summary": "SUSE Bug 1139073 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1139073"
},
{
"category": "external",
"summary": "SUSE Bug 1152497 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152497"
},
{
"category": "external",
"summary": "SUSE Bug 1152505 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152505"
},
{
"category": "external",
"summary": "SUSE Bug 1152506 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1152506"
},
{
"category": "external",
"summary": "SUSE Bug 1160120 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1160120"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2019-11135",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:17:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-11135"
},
{
"cve": "CVE-2019-18420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18420"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18420",
"url": "https://www.suse.com/security/cve/CVE-2019-18420"
},
{
"category": "external",
"summary": "SUSE Bug 1154448 for CVE-2019-18420",
"url": "https://bugzilla.suse.com/1154448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:17:19Z",
"details": "important"
}
],
"title": "CVE-2019-18420"
},
{
"cve": "CVE-2019-18421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18421"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be \"promoted\" before being used as a pagetable, and \"demoted\" before being used for any other type. Xen also allows for \"recursive\" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18421",
"url": "https://www.suse.com/security/cve/CVE-2019-18421"
},
{
"category": "external",
"summary": "SUSE Bug 1154458 for CVE-2019-18421",
"url": "https://bugzilla.suse.com/1154458"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-18421",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:17:19Z",
"details": "important"
}
],
"title": "CVE-2019-18421"
},
{
"cve": "CVE-2019-18424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18424"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18424",
"url": "https://www.suse.com/security/cve/CVE-2019-18424"
},
{
"category": "external",
"summary": "SUSE Bug 1154461 for CVE-2019-18424",
"url": "https://bugzilla.suse.com/1154461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:17:19Z",
"details": "important"
}
],
"title": "CVE-2019-18424"
},
{
"cve": "CVE-2019-18425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18425"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don\u0027t install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18425",
"url": "https://www.suse.com/security/cve/CVE-2019-18425"
},
{
"category": "external",
"summary": "SUSE Bug 1154456 for CVE-2019-18425",
"url": "https://bugzilla.suse.com/1154456"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-18425",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:xen-libs-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:xen-tools-domU-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-devel-4.10.4_06-3.25.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:xen-tools-4.10.4_06-3.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-12T18:17:19Z",
"details": "important"
}
],
"title": "CVE-2019-18425"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…