CVE-2019-18422
Published: 31 October 2019
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.
Notes
Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe |
alexmurray | This issue is specific only to ARM platforms - x86 systems are not affected |
Priority
Status
Package | Release | Status |
---|---|---|
xen Launchpad, Ubuntu, Debian |
disco |
Ignored
(end of life)
|
eoan |
Ignored
(end of life)
|
|
focal |
Not vulnerable
(4.11.3+24-g14b62ab3e5-1ubuntu1)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
impish |
Not vulnerable
(4.11.3+24-g14b62ab3e5-1ubuntu1)
|
|
groovy |
Not vulnerable
(4.11.3+24-g14b62ab3e5-1ubuntu1)
|
|
bionic |
Needed
|
|
hirsute |
Not vulnerable
(4.11.3+24-g14b62ab3e5-1ubuntu1)
|
|
xenial |
Needed
|
|
jammy |
Not vulnerable
(4.11.3+24-g14b62ab3e5-1ubuntu1)
|
|
kinetic |
Not vulnerable
(4.11.3+24-g14b62ab3e5-1ubuntu1)
|
|
lunar |
Not vulnerable
(4.11.3+24-g14b62ab3e5-1ubuntu1)
|
|
mantic |
Not vulnerable
(4.11.3+24-g14b62ab3e5-1ubuntu1)
|
|
Binaries built from this source package are in Universe and so are supported by the community. |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |