PT-2018-2544 · Xen+1 · Xen+1

Publicado

2018-11-20

Atualizado

2024-06-15

CVE-2018-19966

CVSS v3.1

8.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Xen versions prior to 4.12

Description The issue is related to an interpretation conflict for a union data structure associated with shadow paging, which can be exploited by x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges. This problem arose due to an incorrect fix for a previous issue.

Recommendations For Xen versions prior to 4.12, update to version 4.12 or later to resolve the issue.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-436CWE-264

Identificadores relacionados

BDU:2019-00953

CVE-2018-19966

DLA-1949-1

DSA-4369-1

OPENSUSE-SU-2018_4111-1

OPENSUSE-SU-2018_4304-1

OPENSUSE-SU-2019_1226-1

OPENSUSE-SU-2024:11520-1

SUSE-SU-2018:4070-1

SUSE-SU-2018:4300-1

SUSE-SU-2019:0003-1

SUSE-SU-2019:0020-1

SUSE-SU-2019:0825-1

SUSE-SU-2019:0827-1

SUSE-SU-2019:13921-1

SUSE-SU-2019:14011-1

Produtos afetados

Suse

Xen

PT-2018-2544 · Xen+1 · Xen+1

CVE-2018-19966

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 177