6.5

CVE-2019-18420

EPSS 4.25%
Published 31.10.2019 14:15:10
Last modified 21.11.2024 04:33:13
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.

Affected products Warnungen 0 Metrics 3 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Xen ≫ Xen HwPlatformx86 Version <= 4.12.1

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Fedoraproject ≫ Fedora Version29

Fedoraproject ≫ Fedora Version30

Fedoraproject ≫ Fedora Version31

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.25%	0.877

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	6.3	6.8	6.9	AV:N/AC:M/Au:S/C:N/I:N/A:C

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

https://seclists.org/bugtraq/2020/Jan/21

Third Party Advisory

Mailing List

https://security.gentoo.org/glsa/202003-56

Third Party Advisory

https://www.debian.org/security/2020/dsa-4602

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html

Third Party Advisory

Broken Link

Mailing List

http://www.openwall.com/lists/oss-security/2019/10/31/1

Patch

Third Party Advisory

Mailing List

http://xenbits.xen.org/xsa/advisory-296.html

Patch

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/

https://nvd.nist.gov/vuln/detail/CVE-2019-18420

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18420

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18420

EUVD