Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2019-18425

Good to know:

icon
icon

Date: October 31, 2019

An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.

Language: C

Severity Score

Related Resources (16)

https://seclists.org/bugtraq/2020/Jan/21
https://access.redhat.com/security/cve/CVE-2019-18425
https://nvd.nist.gov/vuln/detail/CVE-2019-18425
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/
https://github.com/xen-project/xen/commit/93021cbe880a8013691a48d0febef8ed7d3e3ebd
https://security-tracker.debian.org/tracker/CVE-2019-18425
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/
https://security.gentoo.org/glsa/202003-56
https://security.alpinelinux.org/vuln/CVE-2019-18425
http://www.openwall.com/lists/oss-security/2019/10/31/2
https://www.debian.org/security/2020/dsa-4602
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18425
http://xenbits.xen.org/xsa/advisory-298.html
https://www.mend.io/vulnerability-database/CVE-2019-18425

Severity Score

Weakness Type (CWE)

Improper Privilege Management

CWE-269

Top Fix

icon

Upgrade Version

Upgrade to version 4.13.0-rc2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us