CVE-2019-19578

Name of the Vulnerable Software and Affected Versions Xen versions prior to 4.13

Description An issue in Xen allows x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables. This is due to an incorrect fix for a previous issue, which introduced an additional restriction on the depth of linear pagetable chains. However, the original commit incorrectly reset the count of outstanding times a page points to or is pointed to another page table, potentially allowing attackers to create loops or arbitrary chains of linear pagetables. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in a Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. The issue is specific to x86 systems and only affects x86 PV guests, with Arm systems and x86 HVM and PVH guests not being vulnerable. Systems with linear pagetables disabled are not affected.

Recommendations For Xen versions prior to 4.13, consider disabling linear pagetables by selecting CONFIG PV LINEAR PT=n when building the hypervisor or adding pv-linear-pt=false on the command-line to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.