PT-2018-2573 · Xen+1 · Xen+1

Publicado

2018-11-12

Atualizado

2024-06-15

CVE-2018-19967

CVSS v3.1

6.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Xen versions prior to 4.12

Description The issue allows guest OS users to cause a denial of service, resulting in a host OS hang, due to Xen's failure to work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix. This is related to insufficient input validation, which can be exploited by an attacker from a guest OS to cause a denial of service.

Recommendations For Xen versions prior to 4.12, update to version 4.12 or later to resolve the issue. At the moment, there is no information about other specific workarounds for this vulnerability.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2019-01047

CVE-2018-19967

DLA-1577-1

DSA-4369-1

OPENSUSE-SU-2019:1199-1

OPENSUSE-SU-2019_1199-1

OPENSUSE-SU-2019_1226-1

OPENSUSE-SU-2024:11520-1

SUSE-SU-2019:0003-1

SUSE-SU-2019:0825-1

SUSE-SU-2019:0827-1

SUSE-SU-2019:0875-1

SUSE-SU-2019:0921-1

SUSE-SU-2019:13921-1

SUSE-SU-2019:14011-1

SUSE-SU-2019_0875-1

SUSE-SU-2019_0921-1

Produtos afetados

Suse

Xen

PT-2018-2573 · Xen+1 · Xen+1

CVE-2018-19967

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 174