Showing 1 - 2 of 2

CVE-2019-18425

Status Candidate

Overview

An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.

Related Files

Gentoo Linux Security Advisory 202003-56: Posted Mar 26, 2020; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202003-56 - Multiple vulnerabilities have been found in Xen, the worst of which could allow for privilege escalation. Versions less than 4.12.0-r1 are affected.; tags | advisory, vulnerability; systems | linux, gentoo; advisories | CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2018-12207, CVE-2019-11091, CVE-2019-11135, CVE-2019-18420, CVE-2019-18421, CVE-2019-18423, CVE-2019-18424, CVE-2019-18425, CVE-2019-19577, CVE-2019-19578, CVE-2019-19580, CVE-2019-19581, CVE-2019-19582, CVE-2019-19583; SHA-256 | 7959dee17cd4227918a51fda5daa8418f726f545d628a763b80ddbb67566d1eb; Download | Favorite | View

Debian Security Advisory 4602-1: Posted Jan 15, 2020; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4602-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.; tags | advisory, denial of service, vulnerability; systems | linux, debian; advisories | CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2018-12207, CVE-2019-11091, CVE-2019-11135, CVE-2019-17340, CVE-2019-17341, CVE-2019-17342, CVE-2019-17343, CVE-2019-17344, CVE-2019-17345, CVE-2019-17346, CVE-2019-17347, CVE-2019-17348, CVE-2019-17349, CVE-2019-17350, CVE-2019-18420, CVE-2019-18421, CVE-2019-18422, CVE-2019-18423, CVE-2019-18424, CVE-2019-18425, CVE-2019-19577, CVE-2019-19578, CVE-2019-19579; SHA-256 | e5bfcc7743f4984f6ecac091e3a281590c7e7e3caf0c70d6d0dbc7576bed566f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 410 files
Ubuntu 104 files
Debian 30 files
Rahad Chowdhury 21 files
BugsBD Limited 21 files
Gentoo 18 files
tmrswrr 14 files
Google Security Research 5 files
Ph0s 5 files
R0ckE7 5 files

File Archives

Systems

AIX (429)
Apple (2,037)
BSD (375)
CentOS (57)
Cisco (1,926)
Debian (6,914)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,379)
HPUX (880)
iOS (363)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (47,884)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (486)
RedHat (14,645)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,149)
UNIX (9,340)
UnixWare (187)
Windows (6,607)
Other

CVE-2019-18425

Overview

Related Files

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems