CVE-2019-17340Missing Release of Memory after Effective Lifetime in XEN

CWE-401Missing Release of Memory after Effective LifetimeCWE-20Improper Input Validation7 documents6 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 77.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
XENDebian XENDebian Linux
Timeline
PublishedOct 8
Latest updateMay 24

Description

An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages3 packages

debiandebian/xen< xen 4.11.1+92-g6c33308a8d-1 (bookworm)
Debianxen/xen< 4.11.1+92-g6c33308a8d-1+3
NVDxen/xen3.2.04.11.2

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

2
GHSA
GHSA-5rr5-4vg6-qw69: An issue was discovered in Xen through 42022-05-24
OSV
CVE-2019-17340: An issue was discovered in Xen through 42019-10-08

📋Vendor Advisories

2
Red Hat
xen: mishanding grant-table transfer allows x86 guest OS to cause a DoS or escalate their privileges2019-10-31
Debian
CVE-2019-17340: xen - An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cau...2019

💬Community

2
Bugzilla
CVE-2019-17340 xen: mishanding grant-table transfer allows x86 guest OS to cause a DoS or escalate their privileges [fedora-all]2019-11-12
Bugzilla
CVE-2019-17340 xen: mishanding grant-table transfer allows x86 guest OS to cause a DoS or escalate their privileges2019-11-12