CVE-2019-19579 — Incorrect Privilege Assignment in XEN
Severity: 6.8 MEDIUM (NVD)
EPSS: 0.1% (top 67.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 4; Latest update May 24
Description
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the …
CVSS vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 | Impact: 5.9
Affected packages: 3 packages
Also affects: Fedora 30
Bugzilla
CVE-2019-19579 xen: an untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation [fedora-all] (2019-12-06)
CVE-2019-19579 xen: an untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation (2019-12-06)