PT-2019-5141 · Xen+1 · Xen+1

Paul Durrant

Publicado

2019-10-07

Atualizado

2022-03-31

CVE-2019-17343

CVSS v2.0

6.9

Média

Vetor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Xen versions through 4.11.x

Description The issue is related to the physmap concept of hardware virtualization in the Xen hypervisor, which lacks proper input validation. This allows an attacker to gain unauthorized access to sensitive data, cause a denial of service, or compromise data integrity. The problem can be exploited by x86 PV guest OS users.

Recommendations For Xen versions through 4.11.x, update to a version that includes the necessary security patches to fix the issue with the physmap concept. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Improper Locking

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-667

Identificadores relacionados

BDU:2020-01808

CVE-2019-17343

DLA-1949-1

DSA-4602-1

SUSE-RU-2019:2767-1

SUSE-SU-2019:14199-1

SUSE-SU-2019:14201-1

SUSE-SU-2019:2753-1

SUSE-SU-2019:2769-1

SUSE-SU-2019:2783-1

SUSE-SU-2019_14199-1

SUSE-SU-2020:0388-1

Produtos afetados

Suse

Xen

PT-2019-5141 · Xen+1 · Xen+1

CVE-2019-17343

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 111