CVE-2019-18422

high-risk

Published 2019-10-31

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.

Do I need to act?

3.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (6)

Xen

Debian Linux

Fedora

Affected Vendors

Debian Fedoraproject Xen

References (14)

Mailing List http://www.openwall.com/lists/oss-security/2019/10/31/5

Patch http://xenbits.xen.org/xsa/advisory-303.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Mailing List https://seclists.org/bugtraq/2020/Jan/21

Third Party Advisory https://www.debian.org/security/2020/dsa-4602

Mailing List http://www.openwall.com/lists/oss-security/2019/10/31/5

Patch http://xenbits.xen.org/xsa/advisory-303.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Mailing List https://seclists.org/bugtraq/2020/Jan/21

Third Party Advisory https://www.debian.org/security/2020/dsa-4602

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 7/34 · Low

Exposure 13/34 · Low