Xen CVE-2019-19579 Incomplete Fix Local Privilege Escalation Vulnerability

Description

Xen is prone to a local privilege-escalation vulnerability. Local attacker can exploit this issue to gain elevated privileges on affected computers.

Technologies Affected

• Xen Xen 3.0.2
• Xen Xen 3.0.3
• Xen Xen 3.0.4
• Xen Xen 3.1
• Xen Xen 3.1.3
• Xen Xen 3.1.4
• Xen Xen 3.2.0
• Xen Xen 3.2.1
• Xen Xen 3.2.2
• Xen Xen 3.2.3
• Xen Xen 3.3.0
• Xen Xen 3.3.1
• Xen Xen 3.3.2
• Xen Xen 3.4.0
• Xen Xen 3.4.1
• Xen Xen 3.4.2
• Xen Xen 3.4.3
• Xen Xen 3.4.4
• Xen Xen 4.0.0
• Xen Xen 4.0.1
• Xen Xen 4.0.2
• Xen Xen 4.0.3
• Xen Xen 4.0.4
• Xen Xen 4.1.0
• Xen Xen 4.1.1
• Xen Xen 4.1.2
• Xen Xen 4.1.3
• Xen Xen 4.1.4
• Xen Xen 4.1.5
• Xen Xen 4.1.6.1
• Xen Xen 4.10.0
• Xen Xen 4.10.1
• Xen Xen 4.10.2
• Xen Xen 4.11.0
• Xen Xen 4.12.0
• Xen Xen 4.2.0
• Xen Xen 4.2.1
• Xen Xen 4.2.2
• Xen Xen 4.2.3
• Xen Xen 4.3.0
• Xen Xen 4.3.1
• Xen Xen 4.4.0
• Xen Xen 4.4.1
• Xen Xen 4.5.0
• Xen Xen 4.5.3
• Xen Xen 4.6.0
• Xen Xen 4.6.3
• Xen Xen 4.7.0
• Xen Xen 4.8.0
• Xen Xen 4.8.4
• Xen Xen 4.9.0
• Xen Xen 4.9.1
• Xen Xen 4.9.2
• Xen Xen 4.9.3

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Given the nature of this issue, allow only trusted and accountable individuals to have access.

Updates are available. Please see the references or vendor advisory for more information.