CVE-2019-19577Missing Release of Memory after Effective Lifetime in XEN

CWE-401Missing Release of Memory after Effective LifetimeCWE-662Improper SynchronizationCWE-266Incorrect Privilege Assignment7 documents6 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 68.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
XENDebian XENFedoraproject Fedora
Timeline
PublishedDec 11
Latest updateMay 24

Description

An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest's address space size. The code to select and update the height had several bugs. Notably, the update was done without ta

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.5 | Impact: 6.0

Affected Packages3 packages

debiandebian/xen< xen 4.11.3+24-g14b62ab3e5-1 (bookworm)
Debianxen/xen< 4.11.3+24-g14b62ab3e5-1+3
NVDxen/xen4.12.1

Also affects: Fedora 31

Patches

Patch: xenbits.xen.orgPatch: xenbits.xen.org

🔴Vulnerability Details

2
GHSA
GHSA-6gpv-cjwj-gqjp: An issue was discovered in Xen through 42022-05-24
OSV
CVE-2019-19577: An issue was discovered in Xen through 42019-12-11

📋Vendor Advisories

2
Red Hat
xen: vulnerability in dynamic height handling for AMD IOMMU pagetables (XSA-311 v2)2019-12-11
Debian
CVE-2019-19577: xen - An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS user...2019

💬Community

2
Bugzilla
CVE-2019-19577 xen: vulnerability in dynamic height handling for AMD IOMMU pagetables (XSA-311 v2) [fedora-all]2019-12-11
Bugzilla
CVE-2019-19577 xen: vulnerability in dynamic height handling for AMD IOMMU pagetables (XSA-311 v2)2019-11-29