PT-2019-4839 · Xen
Andrew Cooper
Published 2019-10-31 · Updated 2023-03-29
CVE-2019-18425
CVSS v3.1: 9.8 Critical (vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions
Xen versions 3.2 through 4.12.x
Description
The x86 PV emulation in the Xen hypervisor reads descriptors from a guest's descriptor tables (GDT/LDT) without checking the table limit the guest specified. Emulated PV guest operations that use descriptors therefore ignore the limits the guest kernel set up, and memory beyond the end of a table is treated as a valid descriptor. An unprivileged user-mode process inside a 32-bit PV guest can exploit this by installing descriptors of its choice and using them, elevating its privileges to those of the guest kernel; with guest-kernel privilege it can read and modify the guest's data and crash the guest. The CVSS vector above marks the attack vector as network, but in practice the attacker must already run code as an unprivileged user in a 32-bit PV guest, and the privilege gained is the guest kernel's, not the hypervisor's; 64-bit PV and HVM/PVH guests cannot use this issue.
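The limit check the description refers to, shown as an added C model of x86 descriptor-table lookup (this is illustration written for this page, not Xen's code): a selector indexes a table, the CPU refuses any descriptor that does not lie wholly within the table's limit, and an emulator that skips that check reads whatever memory follows the table. The table contents, the selector value and the assumption that the bytes after the LDT are writable by an unprivileged guest process are constructed for the illustration; the limit rule itself is the hardware's.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of x86 descriptor-table lookup, added as illustration; not Xen's code.
 * A table is a base plus an inclusive byte limit: limit 0x17 holds three
 * 8-byte descriptors (indices 0..2), and an absent LDT is modelled as limit 0. */
struct desc_table {
    const uint8_t *base;
    uint32_t limit;
};

/* Selector layout: bits 15..3 index, bit 2 TI (0 = GDT, 1 = LDT), bits 1..0 RPL. */
#define SEL_INDEX(sel) ((uint32_t)(sel) >> 3)
#define SEL_TI(sel)    (((uint32_t)(sel) >> 2) & 1u)

/* Hardware rule: all 8 bytes of the descriptor must lie at or below the limit,
 * otherwise the access raises #GP(selector). With limit 0 nothing fits. */
bool selector_within_limit(const struct desc_table *t, uint16_t sel)
{
    uint64_t last_byte = (uint64_t)SEL_INDEX(sel) * 8 + 7;
    return last_byte <= t->limit;
}

/* Vulnerable shape: pick GDT or LDT from TI and read at base + index*8 without
 * consulting the limit, so whatever follows the table is used as a descriptor.
 * (memcpy into a host uint64_t matches x86 layout on a little-endian host.) */
bool read_descriptor_unchecked(const struct desc_table *gdt,
                               const struct desc_table *ldt,
                               uint16_t sel, uint64_t *out)
{
    const struct desc_table *t = SEL_TI(sel) ? ldt : gdt;
    memcpy(out, t->base + (size_t)SEL_INDEX(sel) * 8, sizeof(*out));
    return true;
}

/* Hardened form: enforce the limit first and refuse out-of-table selectors
 * exactly as the CPU would; the caller then injects #GP into the guest. */
bool read_descriptor_checked(const struct desc_table *gdt,
                             const struct desc_table *ldt,
                             uint16_t sel, uint64_t *out)
{
    const struct desc_table *t = SEL_TI(sel) ? ldt : gdt;
    if (!selector_within_limit(t, sel))
        return false;
    memcpy(out, t->base + (size_t)SEL_INDEX(sel) * 8, sizeof(*out));
    return true;
}

/* Constructed scenario (not from the advisory): 32 bytes of guest memory. The
 * first 24 hold a 3-entry LDT installed by the guest kernel (limit 0x17); the
 * 8 bytes after it are assumed writable by an unprivileged guest process, which
 * plants descriptor bytes of its choosing there and then refers to them with a
 * selector whose index (3) lies just past the end of the table. */
#define PLANTED_DESC 0x00cf9a000000ffffULL /* attacker-chosen descriptor bytes */
#define BAD_SEL      0x1fu                 /* index 3, TI = 1 (LDT), RPL = 3 */

static uint8_t guest_mem[32];
static uint8_t guest_gdt[8];               /* one null entry, unused here */

static void build_scenario(struct desc_table *gdt, struct desc_table *ldt)
{
    const uint64_t entries[4] = { 0x00cffa000000ffffULL, 0x00cff2000000ffffULL,
                                  0, PLANTED_DESC };  /* 4th entry is past the limit */
    memcpy(guest_mem, entries, sizeof(entries));
    gdt->base = guest_gdt; gdt->limit = 7;
    ldt->base = guest_mem; ldt->limit = 0x17;
}

/* The unchecked emulator hands back the planted bytes for BAD_SEL. */
uint64_t demo_unchecked_value(void)
{
    struct desc_table gdt, ldt;
    uint64_t d = 0;
    build_scenario(&gdt, &ldt);
    read_descriptor_unchecked(&gdt, &ldt, BAD_SEL, &d);
    return d;
}

/* The hardened emulator rejects BAD_SEL (false, i.e. #GP would be injected). */
bool demo_checked_accepts(void)
{
    struct desc_table gdt, ldt;
    uint64_t d = 0;
    build_scenario(&gdt, &ldt);
    return read_descriptor_checked(&gdt, &ldt, BAD_SEL, &d);
}

int main(void)
{
    printf("unchecked lookup of 0x%x: 0x%016" PRIx64 " (planted 0x%016" PRIx64 ")\n",
           BAD_SEL, demo_unchecked_value(), (uint64_t)PLANTED_DESC);
    printf("checked lookup of 0x%x: %s\n", BAD_SEL,
           demo_checked_accepts() ? "accepted" : "refused (#GP)");
    return 0;
}
```

Build with `cc -std=c99 -Wall model.c` and run it. The checked path is the behaviour the fix restores: the selector with index 3 is refused because bytes 24..31 exceed limit 0x17, whereas the unchecked path returns the planted value. In the model an absent LDT is a table with limit 0, which the checked path refuses for every selector; the unchecked path would instead read from whatever the base points at.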
Recommendations
Patches are available: update Xen to a version that includes the fix for CVE-2019-18425 (Xen Security Advisory XSA-298) or install your distribution's patched Xen packages. Only 32-bit PV guests can trigger the issue, so running guests as 64-bit PV, HVM or PVH avoids it.
As a temporary guest-side workaround on an unpatched host, have the guest kernel install an LDT; this prevents guest user mode from installing and using descriptors of its choice.
Until the host is updated, treat any untrusted user-mode code in a 32-bit PV guest as able to reach guest kernel privilege. The escalation stops at the guest kernel; the hypervisor itself is not compromised.
Weakness Enumeration
Improper Privilege Management
Affected Products
Suse
Xen