Xen CVE-2019-19580 Incomplete Fix Local Privilege Escalation Vulnerability

Description

Xen is prone to a local privilege-escalation vulnerability. Local attacker can exploit this issue to gain elevated privileges on affected computers. Xen version 4.12.x and prior are vulnerable.

Technologies Affected

• Citrix Hypervisor 8.0
• Citrix XenServer 7.0
• Citrix XenServer 7.1 LTSR CU2
• Citrix XenServer 7.6
• Xen Xen 3.0.2
• Xen Xen 3.0.3
• Xen Xen 3.0.4
• Xen Xen 3.1
• Xen Xen 3.1.3
• Xen Xen 3.1.4
• Xen Xen 3.2.0
• Xen Xen 3.2.1
• Xen Xen 3.2.2
• Xen Xen 3.2.3
• Xen Xen 3.3.0
• Xen Xen 3.3.1
• Xen Xen 3.3.2
• Xen Xen 3.4.0
• Xen Xen 3.4.1
• Xen Xen 3.4.2
• Xen Xen 3.4.3
• Xen Xen 3.4.4
• Xen Xen 4.0.0
• Xen Xen 4.0.1
• Xen Xen 4.0.2
• Xen Xen 4.0.3
• Xen Xen 4.0.4
• Xen Xen 4.1.0
• Xen Xen 4.1.1
• Xen Xen 4.1.2
• Xen Xen 4.1.3
• Xen Xen 4.1.4
• Xen Xen 4.1.5
• Xen Xen 4.1.6.1
• Xen Xen 4.10.0
• Xen Xen 4.10.1
• Xen Xen 4.10.2
• Xen Xen 4.11.0
• Xen Xen 4.12.0
• Xen Xen 4.2.0
• Xen Xen 4.2.1
• Xen Xen 4.2.2
• Xen Xen 4.2.3
• Xen Xen 4.3.0
• Xen Xen 4.3.1
• Xen Xen 4.4.0
• Xen Xen 4.4.1
• Xen Xen 4.5.0
• Xen Xen 4.5.3
• Xen Xen 4.6.0
• Xen Xen 4.6.3
• Xen Xen 4.7.0
• Xen Xen 4.8.0
• Xen Xen 4.8.4
• Xen Xen 4.9.0
• Xen Xen 4.9.1
• Xen Xen 4.9.2
• Xen Xen 4.9.3

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Given the nature of this issue, allow only trusted and accountable individuals to have access.

Updates are available. Please see the references or vendor advisory for more information.