CVE-2019-18425: Improper Privilege Management in XEN

Severity: 9.8 CRITICAL (NVD)
EPSS: 4.9% (top 10.42%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 31 | Latest update May 24

Description

An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (4 packages)

debian | debian/xen | < xen 4.11.3+24-g14b62ab3e5-1 (bookworm)
Debian | xen/xen | < 4.11.3+24-g14b62ab3e5-1+3
NVD | xen/xen | 4.12.1
NVD | opensuse/leap | 15.0

Also affects: Debian Linux 10.0, 9.0, Fedora 29, 30, 31

Patches

🔴 Vulnerability Details (2)

GHSA | GHSA-wfcx-xxhx-657g: An issue was discovered in Xen through 4 | 2022-05-24
OSV | CVE-2019-18425: An issue was discovered in Xen through 4 | 2019-10-31

📋 Vendor Advisories (2)

Red Hat | xen: missing descriptor table limit checking in x86 PV emulation leading to privilege escalation | 2019-10-31
Debian | CVE-2019-18425: xen - An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users ... | 2019

💬 Community (2)

Bugzilla | CVE-2019-18425 xen: missing descriptor table limit checking in x86 PV emulation leading to privilege escalation [fedora-all] | 2019-11-12
Bugzilla | CVE-2019-18425 xen: missing descriptor table limit checking in x86 PV emulation leading to privilege escalation | 2019-11-12