CVE-2019-18424 — OS Command Injection in XEN
Severity
6.8 MEDIUM (NVD)
EPSS
0.1%
top 69.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 31
Latest update: May 24
Description
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresse…
CVSS vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 | Impact: 5.9
Affected Packages: 4 packages
Also affects: Debian Linux 10.0, 9.0, Fedora 29, 30, 31
Patches
Vulnerability Details: 4
Vendor Advisories: 4
Red Hat: xen: an untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation (2019-12-06)
Red Hat: xen: passed through PCI devices may corrupt host memory after deassignment leading to privilege escalation (2019-10-31)
Debian: CVE-2019-18424: xen - An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS... (2019)
Debian: CVE-2019-19579: xen - An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS... (2019)