CVE-2018-19962

CWE-200 — Information Exposure CWE-2127 documents7 sources

Severity

7.8HIGH

EPSS

0.2%

top 60.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN XEN Citrix Xenserver Debian Debian Linux

Timeline

PublishedDec 8

Latest updateMay 13

Description

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages3 packages

▶Debianxen< 4.11.1-1+3

▶NVDxen/xen4.11.1

▶NVDcitrix/xenserver4 versions+3

Also affects: Debian Linux 9.0

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-2hh5-jxwx-3pwr: An issue was discovered in Xen through 4↗2022-05-13

▶

OSV

CVE-2018-19962: An issue was discovered in Xen through 4↗2018-12-08

▶

CVEList

CVE-2018-19962: An issue was discovered in Xen through 4↗2018-12-08

▶

📋Vendor Advisories

Red Hat

xen: insufficient TLB flushing / improper large page mappings with AMD IOMMUs↗2018-11-20

▶

Debian

CVE-2018-19962: xen - An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly all...↗2018

▶

💬Community

Bugzilla

CVE-2018-19961 CVE-2018-19962 xen: insufficient TLB flushing / improper large page mappings with AMD IOMMUs↗2018-11-07

▶