PT-2019-4883 · Xen+1
George Dunlap · Published 2019-10-31 · Updated 2023-03-29
CVE-2019-18421
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Xen versions through 4.12.x
Description
The vulnerability stems from a flaw in restartable PV type-change operations; a remote attacker can exploit it to read confidential data, compromise its integrity, and cause a denial of service. Specifically, the problem lies in the handling of pagetable promotion and demotion operations, where x86 PV guest OS users can leverage race conditions to gain host OS privileges. Xen uses a type system to track how each page is used, so that guests cannot directly modify hardware pagetables. Making recursive pagetable promotion and demotion operations restartable is complex, and that complexity introduces potential races that can cause Xen to drop a type count or retain an extra one. A malicious PV guest administrator could use this to escalate to host privileges. All x86 systems with untrusted PV guests are vulnerable.
Recommendations
For Xen versions through 4.12.x, consider disabling the use of PV guests until a patch is available, or restrict access to the pagetable promotion and demotion operations to minimize the risk of exploitation. As a temporary workaround, avoid using recursive promotions and demotions in pagetable operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Race Condition
Related Identifiers
Affected Products
SUSE
Xen