CVE-2019-19583
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability.
Se detectó un problema en Xen versiones hasta 4.12.x permitiendo a usuarios del Sistema Operativo invitado HVM/PVH en x86, causar una denegación de servicio (bloqueo del Sistema Operativo invitado) porque las comprobaciones de VMX VMEntry manejan inapropiadamente un determinado caso. Consulte XSA-260 para antecedentes sobre el MovSS shadow. Consulte XSA-156 para obtener información sobre la necesidad de interceptar #DB. A las comprobaciones de VMX VMEntry no les gusta la combinación exacta de estado que ocurre cuando #DB es interceptado, Single Stepping está activo y bloqueado por STI/MovSS está activo, a pesar de que este es un estado legítimo. El fallo de VMEntry resultante es fatal para el invitado El código de espacio de usuario invitado de HVM/PVH puede bloquear al invitado, resultando en una Denegación de Servicio del invitado. Todas las versiones de Xen están afectadas. Solo están afectados los sistemas que admiten extensiones virtuales de hardware VMX (CPU Intel, Cyrix o Zhaoxin). Los sistemas de brazo y AMD no están afectados. Solo los invitados HVM/PVH están afectados. Los invitados de PV no pueden aprovechar la vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-04 CVE Reserved
- 2019-12-11 CVE Published
- 2024-08-05 CVE Updated
- 2024-11-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://seclists.org/bugtraq/2020/Jan/21 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://xenbits.xen.org/xsa/advisory-308.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | >= 4.8.0 <= 4.12.1 Search vendor "Xen" for product "Xen" and version " >= 4.8.0 <= 4.12.1" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||