Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.5
CVSSv2

CVE-2019-18422

Published: 31/10/2019 Updated: 07/11/2023
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 756
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Subscribe to Xen

Vulnerability Summary

An issue exists in Xen up to and including 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

xen xen

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 29

fedoraproject fedora 30

fedoraproject fedora 31

Vendor Advisories

Debian CVElist Bug Report Logs: xen: Several CVEs open for xen (CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18422 CVE-2019-18423 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19582 CVE-2019-19583)
Debian Bug report logs - #947944 xen: Several CVEs open for xen (CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18422 CVE-2019-18423 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19582 CVE-2019-19583) Package: src:xen; Maintainer for src:xen is De ...
Debian Security Advisories: DSA-4602-1 xen -- security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks In addition this update provides mitigations for the TSX Asynchronous Abort speculative side channel attack For additional information please refer to xenbitsxenorg/xsa/adv ...

References

CWE-732http://xenbits.xen.org/xsa/advisory-303.htmlhttp://www.openwall.com/lists/oss-security/2019/10/31/5https://www.debian.org/security/2020/dsa-4602https://seclists.org/bugtraq/2020/Jan/21https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947944https://www.debian.org/security/2020/dsa-4602
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook