PT-2019-5141 · Xen+1 · Xen+1

Paul Durrant

Published

2019-10-07

Updated

2022-03-31

CVE-2019-17343

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Xen versions through 4.11.x

Description The issue is related to the physmap concept of hardware virtualization in the Xen hypervisor, which lacks proper input validation. This allows an attacker to gain unauthorized access to sensitive data, cause a denial of service, or compromise data integrity. The problem can be exploited by x86 PV guest OS users.

Recommendations For Xen versions through 4.11.x, update to a version that includes the necessary security patches to fix the issue with the physmap concept. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-667

Related Identifiers

BDU:2020-01808

CVE-2019-17343

DLA-1949-1

DSA-4602-1

SUSE-RU-2019:2767-1

SUSE-SU-2019:14199-1

SUSE-SU-2019:14201-1

SUSE-SU-2019:2753-1

SUSE-SU-2019:2769-1

SUSE-SU-2019:2783-1

SUSE-SU-2019_14199-1

SUSE-SU-2020:0388-1

Affected Products

Suse

Xen

PT-2019-5141 · Xen+1 · Xen+1

CVE-2019-17343

Weakness Enumeration

Related Identifiers

Affected Products

References · 111