CVE-2019-18422Incorrect Permission Assignment in XEN

CWE-732Incorrect Permission Assignment7 documents6 sources
Severity
8.8HIGHNVD
EPSS
3.5%
top 12.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
XENDebian XENDebian Linux+1 more
Timeline
PublishedOct 31
Latest updateMay 24

Description

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicio

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/xen< xen 4.11.3+24-g14b62ab3e5-1 (bookworm)
Debianxen/xen< 4.11.3+24-g14b62ab3e5-1+3
NVDxen/xen4.12.1

Also affects: Debian Linux 10.0, 9.0, Fedora 29, 30, 31

Patches

Patch: www.openwall.comPatch: xenbits.xen.orgPatch: www.openwall.com

🔴Vulnerability Details

2
GHSA
GHSA-4rjw-rr87-jjgv: An issue was discovered in Xen through 42022-05-24
OSV
CVE-2019-18422: An issue was discovered in Xen through 42019-10-31

📋Vendor Advisories

2
Red Hat
xen: ARM: Interrupts are unconditionally unmasked in exception handlers2019-10-31
Debian
CVE-2019-18422: xen - An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cau...2019

💬Community

2
Bugzilla
CVE-2019-18422 xen: ARM: Interrupts are unconditionally unmasked in exception handlers [fedora-all]2019-11-12
Bugzilla
CVE-2019-18422 xen: ARM: Interrupts are unconditionally unmasked in exception handlers2019-11-12