CVE-2019-18422

Current Description

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.

Basic Data

PublishedOctober 31, 2019
Last ModifiedNovember 17, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-732
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:S/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score8.5
SeverityHIGH
Exploitability Score6.8
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSXenXen******arm*4.12.1

Vulnerable Software List

VendorProductVersions
Xen Xen *

References

NameSourceURLTags
[oss-security] 20191031 Xen Security Advisory 303 v4 (CVE-2019-18422) - ARM: Interrupts are unconditionally unmasked in exception handlershttp://www.openwall.com/lists/oss-security/2019/10/31/5MLISTMailing List Patch Third Party Advisory
http://xenbits.xen.org/xsa/advisory-303.htmlhttp://xenbits.xen.org/xsa/advisory-303.htmlMISCPatch Vendor Advisory
FEDORA-2019-865bb16900https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BQKXFEDORA
FEDORA-2019-376ec5c107https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPFEDORA
FEDORA-2019-cbb732f760https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATFEDORA
20200114 [SECURITY] [DSA 4602-1] xen security updatehttps://seclists.org/bugtraq/2020/Jan/21BUGTRAQ
DSA-4602https://www.debian.org/security/2020/dsa-4602DEBIAN