6.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
68.8%
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS
users to gain host OS privileges by leveraging race conditions in pagetable
promotion and demotion operations, because of an incomplete fix for
CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV
type change operations. Despite extensive testing and auditing, some corner
cases were missed. A malicious PV guest administrator may be able to
escalate their privilege to that of the host. All security-supported
versions of Xen are vulnerable. Only x86 systems are affected. Arm systems
are not affected. Only x86 PV guests can leverage the vulnerability. x86
HVM and PVH guests cannot leverage the vulnerability. Note that these
attacks require very precise timing, which may be difficult to exploit in
practice.
Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
6.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
68.8%