Ubuntu.comUB:CVE-2019-18422CVE-2019-18422
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.4%
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users
to cause a denial of service or gain privileges by leveraging the erroneous
enabling of interrupts. Interrupts are unconditionally unmasked in
exception handlers. When an exception occurs on an ARM system which is
handled without changing processor level, some interrupts are
unconditionally enabled during exception entry. So exceptions which occur
when interrupts are masked will effectively unmask the interrupts. A
malicious guest might contrive to arrange for critical Xen code to run with
interrupts erroneously enabled. This could lead to data corruption, denial
of service, or possibly even privilege escalation. However a precise attack
technique has not been identified.
Notes
| Author | Note |
|---|---|
| mdeslaur | hypervisor packages are in universe |
| alexmurray | This issue is specific only to ARM platforms - x86 systems are not affected |
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.4%