PT-2019-4843 · Amd+1 · Xen+1
Andrew Cooper +1 · Published 2019-12-11 · Updated 2020-08-24 · CVE-2019-19577
CVSS v3.1: 7.2 High
Vector: AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Xen versions prior to 4.13
Description
An issue in Xen allows x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. The vulnerability is related to the dynamic adaptation of the number of IOMMU pagetable levels to the guest's address space size. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, under memory pressure there is a potential memory leak of 4 KB per guest boot. The vulnerability can be exploited only by HVM guests, and only when they are given direct access to physical devices.
Recommendations
For Xen versions prior to 4.13, update to a version that includes the necessary patches to fix the issue. As a temporary workaround, consider disabling PCI pass-through to minimize the risk of exploitation. Restrict access to physical devices for HVM guests until the issue is resolved.
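An added example (not from the advisory or the Xen project) that applies the scope above to a dom0 inventory: it flags HVM guests whose xl.cfg assigns PCI devices on an AMD host running Xen prior to 4.13. The sample configs, the function names, and the way the Xen version and CPU vendor are passed in are assumptions; on a real host they would come from `xl info` and `/proc/cpuinfo`.

```python
import re

# Constructed sample xl.cfg contents, keyed by guest name (not real hosts).
SAMPLE_CONFIGS = {
    "web01": 'name = "web01"\ntype = "hvm"\npci = [ "03:00.0",\n        "03:00.1" ]\n',
    "db01": 'name = "db01"\nbuilder = "hvm"  # older spelling\n# pci = [ "04:00.0" ]\n',
    "pv01": 'name = "pv01"\ntype = "pv"\npci = [ "05:00.0" ]\n',
    "old01": "builder = 'hvm'\npci = ['06:00.0,permissive=1']\n",
}


def parse_xl_cfg(text):
    """Return {'hvm': bool, 'pci': [device specs]} for one xl.cfg file."""
    # Drop comments first so a commented-out pci line is not counted.
    # Simplification: assumes no '#' appears inside a quoted string.
    text = re.sub(r"#.*", "", text)
    kind = re.search(r"^\s*(?:type|builder)\s*=\s*[\"'](\w+)[\"']", text, re.M)
    # The pci list may span several lines, hence re.S for the list body.
    pci = re.search(r"^\s*pci\s*=\s*\[(.*?)\]", text, re.M | re.S)
    devices = re.findall(r"[\"']([^\"']+)[\"']", pci.group(1)) if pci else []
    return {"hvm": bool(kind) and kind.group(1) == "hvm", "pci": devices}


def affected_host(xen_version, cpu_vendor):
    """Advisory scope: Xen prior to 4.13 on x86 AMD hardware."""
    return tuple(xen_version[:2]) < (4, 13) and cpu_vendor == "AuthenticAMD"


def exposed_guests(configs, xen_version, cpu_vendor):
    """Names of HVM guests with PCI pass-through on an affected host."""
    if not affected_host(xen_version, cpu_vendor):
        return []
    flagged = []
    for name, text in configs.items():
        guest = parse_xl_cfg(text)
        if guest["hvm"] and guest["pci"]:
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    for name in exposed_guests(SAMPLE_CONFIGS, (4, 12), "AuthenticAMD"):
        print(f"{name}: HVM guest with PCI pass-through, apply the workaround")
```

A distribution package numbered below 4.13 may already carry a backported fix, so treat a version hit as a prompt to check the vendor's changelog rather than as proof of exposure.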
Fix
DoS
Memory Leak
RCE
Related Identifiers
Affected Products
Suse
Xen