Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-19580 (GCVE-0-2019-19580)
Vulnerability from cvelistv5 – Published: 2019-12-11 16:51 – Updated: 2024-08-05 02:16
VLAI?
EPSS
Summary
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://xenbits.xen.org/xsa/advisory-310.html | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://www.debian.org/security/2020/dsa-4602 | vendor-advisoryx_refsource_DEBIAN |
| https://seclists.org/bugtraq/2020/Jan/21 | mailing-listx_refsource_BUGTRAQ |
| https://security.gentoo.org/glsa/202003-56 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:48.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
},
{
"name": "FEDORA-2019-6aad703290",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/"
},
{
"name": "FEDORA-2019-2e12bd3a9a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/"
},
{
"name": "openSUSE-SU-2020:0011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-56"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T14:06:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
},
{
"name": "FEDORA-2019-6aad703290",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/"
},
{
"name": "FEDORA-2019-2e12bd3a9a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/"
},
{
"name": "openSUSE-SU-2020:0011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-56"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xen.org/xsa/advisory-310.html",
"refsource": "MISC",
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
},
{
"name": "FEDORA-2019-6aad703290",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/"
},
{
"name": "FEDORA-2019-2e12bd3a9a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/"
},
{
"name": "openSUSE-SU-2020:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19580",
"datePublished": "2019-12-11T16:51:43.000Z",
"dateReserved": "2019-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:48.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-19580",
"date": "2026-05-24",
"epss": "0.00622",
"percentile": "0.7034"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*\", \"versionEndIncluding\": \"4.12.1\", \"matchCriteriaId\": \"18F9F58D-58A0-4356-AB70-E5ACF913BFCA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en Xen versiones hasta 4.12.x permitiendo a usuarios del Sistema Operativo invitado x86 PV conseguir privilegios de Sistema Operativo host al aprovechar las condiciones de carrera en las operaciones de promoci\\u00f3n y degradaci\\u00f3n de tablas de p\\u00e1ginas, debido a una soluci\\u00f3n incompleta para CVE-2019-18421. XSA-299 abord\\u00f3 varios problemas cr\\u00edticos en las operaciones de cambio de tipo PV reiniciables. A pesar de las extensas pruebas y auditor\\u00edas, se perdieron algunos casos de esquina. Un administrador invitado malicioso de PV puede escalar sus privilegios a los del host. Todas las versiones de seguridad de Xen son vulnerables. Solo los sistemas en x86 est\\u00e1n afectados. Los sistemas ARM no est\\u00e1n afectados. Solo los invitados de PV en x86 pueden aprovechar la vulnerabilidad. Los invitados x86 HVM y PVH no pueden aprovechar la vulnerabilidad. Tenga en cuenta que estos ataques requieren un tiempo muy preciso, que puede ser dif\\u00edcil de explotar en la pr\\u00e1ctica.\"}]",
"id": "CVE-2019-19580",
"lastModified": "2024-11-21T04:34:59.233",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.6, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.7, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.8, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-12-11T18:16:19.397",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://seclists.org/bugtraq/2020/Jan/21\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202003-56\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4602\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-310.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://seclists.org/bugtraq/2020/Jan/21\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202003-56\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4602\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-310.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-362\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-19580\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-12-11T18:16:19.397\",\"lastModified\":\"2024-11-21T04:34:59.233\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Xen versiones hasta 4.12.x permitiendo a usuarios del Sistema Operativo invitado x86 PV conseguir privilegios de Sistema Operativo host al aprovechar las condiciones de carrera en las operaciones de promoci\u00f3n y degradaci\u00f3n de tablas de p\u00e1ginas, debido a una soluci\u00f3n incompleta para CVE-2019-18421. XSA-299 abord\u00f3 varios problemas cr\u00edticos en las operaciones de cambio de tipo PV reiniciables. A pesar de las extensas pruebas y auditor\u00edas, se perdieron algunos casos de esquina. Un administrador invitado malicioso de PV puede escalar sus privilegios a los del host. Todas las versiones de seguridad de Xen son vulnerables. Solo los sistemas en x86 est\u00e1n afectados. Los sistemas ARM no est\u00e1n afectados. Solo los invitados de PV en x86 pueden aprovechar la vulnerabilidad. Los invitados x86 HVM y PVH no pueden aprovechar la vulnerabilidad. Tenga en cuenta que estos ataques requieren un tiempo muy preciso, que puede ser dif\u00edcil de explotar en la pr\u00e1ctica.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.7,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*\",\"versionEndIncluding\":\"4.12.1\",\"matchCriteriaId\":\"18F9F58D-58A0-4356-AB70-E5ACF913BFCA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/21\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202003-56\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4602\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://xenbits.xen.org/xsa/advisory-310.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2020/Jan/21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202003-56\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4602\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://xenbits.xen.org/xsa/advisory-310.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2019-AVI-628
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Xen. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Xen toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19578"
},
{
"name": "CVE-2019-19581",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19581"
},
{
"name": "CVE-2019-19577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19577"
},
{
"name": "CVE-2019-19580",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19580"
},
{
"name": "CVE-2019-19582",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19582"
},
{
"name": "CVE-2019-19583",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19583"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-628",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-12-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Xen. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-311 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-311.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-309 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-309.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-310 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-307 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-307.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-308 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-308.html"
}
]
}
CERTFR-2019-AVI-630
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Citrix Hypervisor. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Citrix | Citrix Hypervisor | Citrix XenServer version 7.0 sans le dernier correctif de sécurité | ||
| Citrix | Citrix Hypervisor | Citrix Hypervisor (anciennement XenServer) version 8.0 sans le dernier correctif de sécurité | ||
| Citrix | Citrix Hypervisor | Citrix XenServer version 7.1 LTSR CU2 sans le dernier correctif de sécurité | ||
| Citrix | Citrix Hypervisor | Citrix XenServer version 7.6 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Citrix XenServer version 7.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor (anciennement XenServer) version 8.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix XenServer version 7.1 LTSR CU2 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix XenServer version 7.6 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19577"
},
{
"name": "CVE-2019-14607",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14607"
},
{
"name": "CVE-2019-19580",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19580"
},
{
"name": "CVE-2019-19583",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19583"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-630",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-12-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix Hypervisor.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix Hypervisor",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX266932 du 11 d\u00e9cembre 2019",
"url": "https://support.citrix.com/article/CTX266932"
}
]
}
CERTFR-2019-AVI-628
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Xen. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Xen toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19578"
},
{
"name": "CVE-2019-19581",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19581"
},
{
"name": "CVE-2019-19577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19577"
},
{
"name": "CVE-2019-19580",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19580"
},
{
"name": "CVE-2019-19582",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19582"
},
{
"name": "CVE-2019-19583",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19583"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-628",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-12-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Xen. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-311 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-311.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-309 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-309.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-310 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-307 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-307.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-308 du 11 d\u00e9cembre 2019",
"url": "https://xenbits.xen.org/xsa/advisory-308.html"
}
]
}
CERTFR-2019-AVI-630
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Citrix Hypervisor. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Citrix | Citrix Hypervisor | Citrix XenServer version 7.0 sans le dernier correctif de sécurité | ||
| Citrix | Citrix Hypervisor | Citrix Hypervisor (anciennement XenServer) version 8.0 sans le dernier correctif de sécurité | ||
| Citrix | Citrix Hypervisor | Citrix XenServer version 7.1 LTSR CU2 sans le dernier correctif de sécurité | ||
| Citrix | Citrix Hypervisor | Citrix XenServer version 7.6 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Citrix XenServer version 7.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor (anciennement XenServer) version 8.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix XenServer version 7.1 LTSR CU2 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix XenServer version 7.6 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19577"
},
{
"name": "CVE-2019-14607",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14607"
},
{
"name": "CVE-2019-19580",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19580"
},
{
"name": "CVE-2019-19583",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19583"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-630",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-12-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix Hypervisor.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix Hypervisor",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX266932 du 11 d\u00e9cembre 2019",
"url": "https://support.citrix.com/article/CTX266932"
}
]
}
BDU:2020-01429
Vulnerability from fstec - Published: 13.04.2019
VLAI Severity ?
Title
Уязвимость гипервизора Xen, связанная с одновременным выполнением с использованием общего ресурса с неправильной синхронизацией, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Description
Уязвимость гипервизора Xen связана с одновременным использованием общего ресурса. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc., Fedora Project, The Linux Foundation, АО «Концерн ВНИИНС»
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, Fedora, Xen, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 15.1 (OpenSUSE Leap), 30 (Fedora), 8 (Debian GNU/Linux), 31 (Fedora), до 4.12.1 включительно (Xen), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для Xen:
https://xenbits.xen.org/xsa/advisory-310.html
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2019-19580
Для программных продуктов Novell Inc.:
https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html
Для Аstra Linux:
https://wiki.astralinux.ru/pages/viewpage.action?pageId=71831011
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/
Для ОС ОН «Стрелец»:
Обновление программного обеспечения xen до версии 4.8.5.final+shim4.10.4-1+deb9u12
Reference
https://xenbits.xen.org/xsa/advisory-310.html
https://nvd.nist.gov/vuln/detail/CVE-2019-19580
https://security-tracker.debian.org/tracker/CVE-2019-19580
https://www.suse.com/security/cve/CVE-2019-19580
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/
https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
CWE
CWE-362
{
"CVSS 2.0": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., Fedora Project, The Linux Foundation, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 15.1 (OpenSUSE Leap), 30 (Fedora), 8 (Debian GNU/Linux), 31 (Fedora), \u0434\u043e 4.12.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Xen), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Xen:\nhttps://xenbits.xen.org/xsa/advisory-310.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2019-19580\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html\n\n\u0414\u043b\u044f \u0410stra Linux:\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=71831011\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f xen \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 4.8.5.final+shim4.10.4-1+deb9u12",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.04.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.04.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01429",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-19580",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, Fedora, Xen, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. OpenSUSE Leap 15.1 , Fedora Project Fedora 30 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Fedora Project Fedora 31 , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u0430 Xen, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0435\u0439, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0435\u0439 (\u00ab\u0421\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0433\u043e\u043d\u043a\u0438\u00bb) (CWE-362)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u0430 Xen \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u043e\u043a\u0430\u043c\u0438 \u0438 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://xenbits.xen.org/xsa/advisory-310.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19580\nhttps://security-tracker.debian.org/tracker/CVE-2019-19580\nhttps://www.suse.com/security/cve/CVE-2019-19580\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/\nhttps://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-362",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,4)"
}
CNVD-2020-07296
Vulnerability from cnvd - Published: 2020-02-14
VLAI Severity ?
Title
Xen权限提升漏洞(CNVD-2020-07296)
Description
Xen是一款开源虚拟机监视器产品。
Xen 4.12.*及更早版本存在权限提升漏洞。该漏洞源于页表升级和降级操作存在竞争条件。攻击者可利用该漏洞获得主机操作系统权限。
Severity
中
Patch Name
Xen权限提升漏洞(CNVD-2020-07296)的补丁
Patch Description
Xen是一款开源虚拟机监视器产品。
Xen 4.12.*及更早版本存在权限提升漏洞。该漏洞源于页表升级和降级操作存在竞争条件。攻击者可利用该漏洞获得主机操作系统权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://xenbits.xen.org/xsa/advisory-310.html
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-19580
Impacted products
| Name | Xen Xen <=4.12.* |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-19580",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-19580"
}
},
"description": "Xen\u662f\u4e00\u6b3e\u5f00\u6e90\u865a\u62df\u673a\u76d1\u89c6\u5668\u4ea7\u54c1\u3002\n\nXen 4.12.*\u53ca\u66f4\u65e9\u7248\u672c\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9875\u8868\u5347\u7ea7\u548c\u964d\u7ea7\u64cd\u4f5c\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u6743\u9650\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://xenbits.xen.org/xsa/advisory-310.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-07296",
"openTime": "2020-02-14",
"patchDescription": "Xen\u662f\u4e00\u6b3e\u5f00\u6e90\u865a\u62df\u673a\u76d1\u89c6\u5668\u4ea7\u54c1\u3002\r\n\r\nXen 4.12.*\u53ca\u66f4\u65e9\u7248\u672c\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9875\u8868\u5347\u7ea7\u548c\u964d\u7ea7\u64cd\u4f5c\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Xen\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2020-07296\uff09\u7684\u8865\u4e01",
"products": {
"product": "Xen Xen \u003c=4.12.*"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-19580",
"serverity": "\u4e2d",
"submitTime": "2019-12-12",
"title": "Xen\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2020-07296\uff09"
}
FKIE_CVE-2019-19580
Vulnerability from fkie_nvd - Published: 2019-12-11 18:16 - Updated: 2024-11-21 04:34
Severity ?
Summary
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xen | xen | * | |
| fedoraproject | fedora | 31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "18F9F58D-58A0-4356-AB70-E5ACF913BFCA",
"versionEndIncluding": "4.12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Xen versiones hasta 4.12.x permitiendo a usuarios del Sistema Operativo invitado x86 PV conseguir privilegios de Sistema Operativo host al aprovechar las condiciones de carrera en las operaciones de promoci\u00f3n y degradaci\u00f3n de tablas de p\u00e1ginas, debido a una soluci\u00f3n incompleta para CVE-2019-18421. XSA-299 abord\u00f3 varios problemas cr\u00edticos en las operaciones de cambio de tipo PV reiniciables. A pesar de las extensas pruebas y auditor\u00edas, se perdieron algunos casos de esquina. Un administrador invitado malicioso de PV puede escalar sus privilegios a los del host. Todas las versiones de seguridad de Xen son vulnerables. Solo los sistemas en x86 est\u00e1n afectados. Los sistemas ARM no est\u00e1n afectados. Solo los invitados de PV en x86 pueden aprovechar la vulnerabilidad. Los invitados x86 HVM y PVH no pueden aprovechar la vulnerabilidad. Tenga en cuenta que estos ataques requieren un tiempo muy preciso, que puede ser dif\u00edcil de explotar en la pr\u00e1ctica."
}
],
"id": "CVE-2019-19580",
"lastModified": "2024-11-21T04:34:59.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-11T18:16:19.397",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/"
},
{
"source": "cve@mitre.org",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202003-56"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202003-56"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-5F2H-R2X9-9P3V
Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2022-05-24 17:03
VLAI?
Details
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.
{
"affected": [],
"aliases": [
"CVE-2019-19580"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-11T18:16:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"id": "GHSA-5f2h-r2x9-9p3v",
"modified": "2022-05-24T17:03:15Z",
"published": "2022-05-24T17:03:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19580"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43"
},
{
"type": "WEB",
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2019-19580
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-19580",
"description": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"id": "GSD-2019-19580",
"references": [
"https://www.suse.com/security/cve/CVE-2019-19580.html",
"https://www.debian.org/security/2020/dsa-4602"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-19580"
],
"details": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"id": "GSD-2019-19580",
"modified": "2023-12-13T01:23:53.872799Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xen.org/xsa/advisory-310.html",
"refsource": "MISC",
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
},
{
"name": "FEDORA-2019-6aad703290",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/"
},
{
"name": "FEDORA-2019-2e12bd3a9a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/"
},
{
"name": "openSUSE-SU-2020:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
"cpe_name": [],
"versionEndIncluding": "4.12.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19580"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xen.org/xsa/advisory-310.html",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://xenbits.xen.org/xsa/advisory-310.html"
},
{
"name": "FEDORA-2019-6aad703290",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/"
},
{
"name": "FEDORA-2019-2e12bd3a9a",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/"
},
{
"name": "openSUSE-SU-2020:0011",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"tags": [],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"tags": [],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "GLSA-202003-56",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/202003-56"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-01-03T22:15Z",
"publishedDate": "2019-12-11T18:16Z"
}
}
}
OPENSUSE-SU-2020:0011-1
Vulnerability from csaf_opensuse - Published: 2020-01-13 15:16 - Updated: 2020-01-13 15:16Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).
- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with
a compile time known size of 64 (bsc#1158003 XSA-307).
- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace
code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).
- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused
hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).
- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator
could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).
- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen
to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311).
- CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access
to a physical device can DMA into host memory (bsc#1157888 XSA-306).
- Fixed an issue where PCI passthrough failed on AMD machine xen host (bsc#1157047).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patchnames: openSUSE-2020-11
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.2 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.9 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307).\n- CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with \n a compile time known size of 64 (bsc#1158003 XSA-307).\n- CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace \n code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308).\n- CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused\n hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309).\n- CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator \n could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310).\n- CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen \n to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). \n- CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access \n to a physical device can DMA into host memory (bsc#1157888 XSA-306).\n- Fixed an issue where PCI passthrough failed on AMD machine xen host (bsc#1157047). \n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-11",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0011-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0011-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H4KE3WRZH73TP6XEJRYK5KUAKIEZXPRY/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0011-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H4KE3WRZH73TP6XEJRYK5KUAKIEZXPRY/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19577 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19578 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19579 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19580 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19581 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19582 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19583 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19583/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2020-01-13T15:16:17Z",
"generator": {
"date": "2020-01-13T15:16:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0011-1",
"initial_release_date": "2020-01-13T15:16:17Z",
"revision_history": [
{
"date": "2020-01-13T15:16:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.12.1_06-lp151.2.9.1.i586",
"product": {
"name": "xen-devel-4.12.1_06-lp151.2.9.1.i586",
"product_id": "xen-devel-4.12.1_06-lp151.2.9.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.1_06-lp151.2.9.1.i586",
"product": {
"name": "xen-libs-4.12.1_06-lp151.2.9.1.i586",
"product_id": "xen-libs-4.12.1_06-lp151.2.9.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"product": {
"name": "xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"product_id": "xen-tools-domU-4.12.1_06-lp151.2.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.1_06-lp151.2.9.1.x86_64",
"product": {
"name": "xen-4.12.1_06-lp151.2.9.1.x86_64",
"product_id": "xen-4.12.1_06-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"product": {
"name": "xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"product_id": "xen-devel-4.12.1_06-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"product": {
"name": "xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"product_id": "xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"product": {
"name": "xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"product_id": "xen-libs-4.12.1_06-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"product_id": "xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"product": {
"name": "xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"product_id": "xen-tools-4.12.1_06-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64",
"product": {
"name": "xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64",
"product_id": "xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.1_06-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64"
},
"product_reference": "xen-4.12.1_06-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.1_06-lp151.2.9.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586"
},
"product_reference": "xen-devel-4.12.1_06-lp151.2.9.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.1_06-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64"
},
"product_reference": "xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64"
},
"product_reference": "xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.1_06-lp151.2.9.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586"
},
"product_reference": "xen-libs-4.12.1_06-lp151.2.9.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.1_06-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64"
},
"product_reference": "xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.1_06-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64"
},
"product_reference": "xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.1_06-lp151.2.9.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586"
},
"product_reference": "xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-19577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19577"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest\u0027s address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19577",
"url": "https://www.suse.com/security/cve/CVE-2019-19577"
},
{
"category": "external",
"summary": "SUSE Bug 1158007 for CVE-2019-19577",
"url": "https://bugzilla.suse.com/1158007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-13T15:16:17Z",
"details": "important"
}
],
"title": "CVE-2019-19577"
},
{
"cve": "CVE-2019-19578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19578"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. \"Linear pagetables\" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the \"depth\" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some \"linear_pt_entry\" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19578",
"url": "https://www.suse.com/security/cve/CVE-2019-19578"
},
{
"category": "external",
"summary": "SUSE Bug 1158005 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1158005"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19578",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-13T15:16:17Z",
"details": "important"
}
],
"title": "CVE-2019-19578"
},
{
"cve": "CVE-2019-19579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19579"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl\u0027s \"assignable-add\" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these \"alternate\" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19579",
"url": "https://www.suse.com/security/cve/CVE-2019-19579"
},
{
"category": "external",
"summary": "SUSE Bug 1157888 for CVE-2019-19579",
"url": "https://bugzilla.suse.com/1157888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-13T15:16:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-19579"
},
{
"cve": "CVE-2019-19580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19580"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19580",
"url": "https://www.suse.com/security/cve/CVE-2019-19580"
},
{
"category": "external",
"summary": "SUSE Bug 1158006 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1158006"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19580",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-13T15:16:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-19580"
},
{
"cve": "CVE-2019-19581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19581"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19581",
"url": "https://www.suse.com/security/cve/CVE-2019-19581"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19581",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-13T15:16:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-19581"
},
{
"cve": "CVE-2019-19582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19582"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19582",
"url": "https://www.suse.com/security/cve/CVE-2019-19582"
},
{
"category": "external",
"summary": "SUSE Bug 1158003 for CVE-2019-19582",
"url": "https://bugzilla.suse.com/1158003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-13T15:16:17Z",
"details": "moderate"
}
],
"title": "CVE-2019-19582"
},
{
"cve": "CVE-2019-19583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19583"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19583",
"url": "https://www.suse.com/security/cve/CVE-2019-19583"
},
{
"category": "external",
"summary": "SUSE Bug 1158004 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1158004"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2019-19583",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.1_06-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.1_06-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-01-13T15:16:17Z",
"details": "important"
}
],
"title": "CVE-2019-19583"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…