8.8

CVE-2019-18422

EPSS 3.77%
Published 31.10.2019 14:15:10
Last modified 21.11.2024 04:33:14
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.

Affected products Warnungen 0 Metrics 3 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Xen ≫ Xen HwPlatformarm Version <= 4.12.1

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Fedoraproject ≫ Fedora Version29

Fedoraproject ≫ Fedora Version30

Fedoraproject ≫ Fedora Version31

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.77%	0.869

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	8.5	6.8	10	AV:N/AC:M/Au:S/C:C/I:C/A:C

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://seclists.org/bugtraq/2020/Jan/21

Third Party Advisory

Mailing List

https://www.debian.org/security/2020/dsa-4602

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/

http://www.openwall.com/lists/oss-security/2019/10/31/5

Patch

Third Party Advisory

Mailing List

http://xenbits.xen.org/xsa/advisory-303.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-18422

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18422

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18422

EUVD