CVE-2019-18422

Name of the Vulnerable Software and Affected Versions Xen versions prior to 4.13

Description An issue in Xen allows ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. When an exception occurs on an ARM system and is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. This could lead to data corruption, denial of service, or possibly even privilege escalation. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled.

Recommendations For Xen versions prior to 4.13, consider disabling the handling of exceptions without changing processor level as a temporary workaround until a patch is available. Restrict access to critical Xen code to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.