CVE-2019-19578Uncontrolled Resource Consumption in XEN

CWE-400Uncontrolled Resource Consumption7 documents6 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 67.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
XENDebian XENFedoraproject Fedora
Timeline
PublishedDec 11
Latest updateMay 24

Description

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages3 packages

debiandebian/xen< xen 4.11.3+24-g14b62ab3e5-1 (bookworm)
Debianxen/xen< 4.11.3+24-g14b62ab3e5-1+3
NVDxen/xen4.12.1

Also affects: Fedora 31

Patches

Patch: xenbits.xen.orgPatch: xenbits.xen.org

🔴Vulnerability Details

2
GHSA
GHSA-xm4c-wwh2-mcv8: An issue was discovered in Xen through 42022-05-24
OSV
CVE-2019-19578: An issue was discovered in Xen through 42019-12-11

📋Vendor Advisories

2
Red Hat
xen: privilege escalation due to malicious PV guest (XSA-309)2019-12-11
Debian
CVE-2019-19578: xen - An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to ...2019

💬Community

2
Bugzilla
CVE-2019-19578 xen: privilege escalation due to malicious PV guest (XSA-309) [fedora-all]2019-12-11
Bugzilla
CVE-2019-19578 xen: privilege escalation due to malicious PV guest (XSA-309)2019-11-29