CVE-2019-18420Use of Externally-Controlled Format String in XEN

CWE-134Use of Externally-Controlled Format StringCWE-400Uncontrolled Resource Consumption7 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
4.0%
top 11.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
XENDebian XENDebian Linux+1 more
Timeline
PublishedOct 31
Latest updateMay 24

Description

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long per

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/xen< xen 4.11.3+24-g14b62ab3e5-1 (bookworm)
Debianxen/xen< 4.11.3+24-g14b62ab3e5-1+3
NVDxen/xen4.12.1

Also affects: Debian Linux 10.0, 9.0, Fedora 29, 30, 31

Patches

Patch: www.openwall.comPatch: xenbits.xen.orgPatch: www.openwall.com

🔴Vulnerability Details

2
GHSA
GHSA-54p2-qq73-f565: An issue was discovered in Xen through 42022-05-24
OSV
CVE-2019-18420: An issue was discovered in Xen through 42019-10-31

📋Vendor Advisories

2
Red Hat
xen: allows guest OS users to cause denial of service via VCPUOP_initialise hypercall2019-10-31
Debian
CVE-2019-18420: xen - An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to ...2019

💬Community

2
Bugzilla
CVE-2019-18420 xen: allows guest OS users to cause denial of service via VCPUOP_initialise hypercall2019-11-12
Bugzilla
CVE-2019-18420 xen: allows guest OS users to cause denial of service via VCPUOP_initialise hypercall [fedora-all]2019-11-12