CVE-2019-19580

Name of the Vulnerable Software and Affected Versions Xen versions prior to 4.13

Description The issue allows x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. A malicious PV guest administrator may be able to escalate their privilege to that of the host. The vulnerability is related to incomplete fix for a previous issue and affects all security-supported versions of Xen. Only x86 systems are affected, and only x86 PV guests can leverage the vulnerability. The exploitation of this issue may require very precise timing, which could be difficult to achieve in practice.

Recommendations For Xen versions prior to 4.13, update to a version that includes the complete fix for the issue, as the current version is vulnerable to privilege escalation attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.