PT-2019-4536 · Xen+1
Published: 2019-12-11 · Updated: 2020-06-16 · CVE-2019-19581
CVSS v3.1: 6.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Xen versions prior to 4.13
Description
An issue in Xen allows 32-bit Arm guest OS users to cause a denial of service due to out-of-bounds access. The hypervisor uses bitmaps to track state, and iteration over all bits may misbehave in certain corner cases, leading to an out-of-bounds access on 32-bit Arm systems when accessing bitmaps with a bit count that is a multiple of 32. A malicious guest may cause a hypervisor crash or hang, resulting in a denial of service. This issue is specific to 32-bit Arm systems, as 64-bit Arm systems are not vulnerable.
Recommendations
For Xen versions prior to 4.13, consider upgrading to a newer version to mitigate the risk of a denial of service attack.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Buffer Overflow
Affected Products
Suse
Xen