CVSS3: 5.6 Medium
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score: 7.1 High
Confidence: Low

CVSS2: 4.7 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N

EPSS: 0.974 High
Percentile: 99.9%

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.

CPE

Name | Operator | Version |
---|---|---|
xen | eq | 4.7.1-r4 |
xen | eq | 4.7.0-r3 |
xen.git | eq | 4.8.0-rc5 |
xen | eq | 4.8.2-r2 |
xen | eq | 4.9.0-r2 |
xen.git | eq | RELEASE-2.0.2 |
xen | eq | 4.8.1-r4 |
xen.git | eq | 4.11.0-rc3 |
xen.git | eq | 4.10.0-rc2 |
xen.git | eq | 4.11.0-rc6 |

lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html
www.securityfocus.com/bid/106182
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXC6BME7SXJI2ZIATNXCAH7RGPI4UKTT/
support.citrix.com/article/CTX239432
www.debian.org/security/2019/dsa-4369
xenbits.xen.org/xsa/advisory-279.html