CVE-2019-18422
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.
Se detectó un problema en Xen versiones hasta 4.12.x, permitiendo a usuarios del sistema operativo invitado ARM causar una denegación de servicio o alcanzar privilegios mediante el aprovechamiento de la habilitación errónea de interrupciones. Las interrupciones se desenmascaran incondicionalmente en los controladores de excepciones. Cuando se produce una excepción en un sistema ARM que es manejado sin cambiar el nivel del procesador, algunas interrupciones son habilitadas incondicionalmente durante la entrada de la excepción. Por lo tanto, las excepciones que se presentan cuando se enmascaran las interrupciones desenmascararán efectivamente las interrupciones. Un invitado malicioso podría lograr que el código Xen crítico sea ejecutado con interrupciones habilitadas erróneamente. Esto podría conllevar a una corrupción de datos, una denegación de servicio o, posiblemente, una escalada de privilegios. Sin embargo, no se ha identificado una técnica de ataque precisa.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-10-24 CVE Reserved
- 2019-10-31 CVE Published
- 2024-08-05 CVE Updated
- 2024-10-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://seclists.org/bugtraq/2020/Jan/21 | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.openwall.com/lists/oss-security/2019/10/31/5 | 2023-11-07 | |
http://xenbits.xen.org/xsa/advisory-303.html | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | <= 4.12.1 Search vendor "Xen" for product "Xen" and version " <= 4.12.1" | arm |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 29 Search vendor "Fedoraproject" for product "Fedora" and version "29" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
|