CVE-2019-19581

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable.

Se detectó un problema en Xen versiones hasta 4.12.x, que permite a usuarios del Sistema Operativo invitado Arm de 32 bits causar una denegación de servicio (acceso fuera de límites) porque maneja inapropiadamente cierta iteración de bits. En varios lugares, el hipervisor está utilizando mapas de bits para rastrear cierto estado. La iteración sobre todos los bits implica funciones que pueden comportarse inapropiadamente en determinados casos de esquina: en el acceso Arm de 32 bits a mapas de bits con un recuento de bits que es un múltiplo de 32, puede ocurrir un acceso fuera de límites. Un invitado malicioso puede provocar un bloqueo o bloqueo del hipervisor, resultando en una Denegación de Servicio (DoS). Todas las versiones de Xen son vulnerables. Los sistemas Arm de 32 bits son vulnerables. Los sistemas Arm de 64 bits no son vulnerables.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-12-04 CVE Reserved
2019-12-11 CVE Published
2023-03-08 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (7)

URL	Tag	Source
https://seclists.org/bugtraq/2020/Jan/21	Mailing List

URL	Date	SRC

URL	Date	SRC
https://xenbits.xen.org/xsa/advisory-307.html	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43	2023-11-07
https://security.gentoo.org/glsa/202003-56	2023-11-07
https://www.debian.org/security/2020/dsa-4602	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				>= 4.8.0 <= 4.12.1 Search vendor "Xen" for product "Xen" and version " >= 4.8.0 <= 4.12.1"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				31 Search vendor "Fedoraproject" for product "Fedora" and version "31"		-		Affected