PT-2018-2573 · Xen+1 · Xen+1

Published

2018-11-12

Updated

2024-06-15

CVE-2018-19967

CVSS v3.1

6.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Xen versions prior to 4.12

Description The issue allows guest OS users to cause a denial of service, resulting in a host OS hang, due to Xen's failure to work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix. This is related to insufficient input validation, which can be exploited by an attacker from a guest OS to cause a denial of service.

Recommendations For Xen versions prior to 4.12, update to version 4.12 or later to resolve the issue. At the moment, there is no information about other specific workarounds for this vulnerability.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2019-01047

CVE-2018-19967

DLA-1577-1

DSA-4369-1

OPENSUSE-SU-2019:1199-1

OPENSUSE-SU-2019_1199-1

OPENSUSE-SU-2019_1226-1

OPENSUSE-SU-2024:11520-1

SUSE-SU-2019:0003-1

SUSE-SU-2019:0825-1

SUSE-SU-2019:0827-1

SUSE-SU-2019:0875-1

SUSE-SU-2019:0921-1

SUSE-SU-2019:13921-1

SUSE-SU-2019:14011-1

SUSE-SU-2019_0875-1

SUSE-SU-2019_0921-1

Affected Products

Suse

Xen

PT-2018-2573 · Xen+1 · Xen+1

CVE-2018-19967

Weakness Enumeration

Related Identifiers

Affected Products

References · 174