PT-2019-4882 · Xen +1

Andrew Cooper · Published 2019-10-31 · Updated 2023-02-23

CVE-2019-18420

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Xen versions 4.6 through 4.12.x

Description: The issue is caused by incorrect error handling of a malformed format character in the continuation-creation path of the Xen hypervisor. When the VCPUOP_initialise hypercall runs for long enough that a continuation must be created, the malformed format string leads to a hypervisor crash. The hypercall_create_continuation() function is variadic and uses a printf-like format string to interpret its parameters. A malicious x86 PV guest OS user can exploit this to crash the hypervisor, resulting in a Denial of Service (DoS). Only x86 PV guests can trigger the vulnerability; HVM and PVH guests, and guests on ARM systems, are not affected.

Recommendations: For Xen versions 4.6 through 4.12.x, consider disabling the VCPUOP_initialise hypercall as a temporary workaround to reduce the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Use of Externally-Controlled Format String


Weakness Enumeration

Related Identifiers

BDU:2020-01470
CVE-2019-18420
DSA-4602-1
MGASA-2020-0113
OPENSUSE-SU-2019:2506-1
SUSE-SU-2019:2960-1
SUSE-SU-2019:2961-1
SUSE-SU-2019:2962-1
SUSE-SU-2019:3297-1
SUSE-SU-2020:0334-1
SUSE-SU-2020:0388-1
SUSE-SU-2020:14444-1

Affected Products

Suse
Xen