CVE-2019-18422

An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.
Configurations

Configuration 1 (hide)

cpe:2.3:o:xen:xen:*:*:*:*:*:*:arm:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

History

21 Nov 2024, 04:33

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2019/10/31/5 - Mailing List, Patch, Third Party Advisory () http://www.openwall.com/lists/oss-security/2019/10/31/5 - Mailing List, Patch, Third Party Advisory
References () http://xenbits.xen.org/xsa/advisory-303.html - Patch, Vendor Advisory () http://xenbits.xen.org/xsa/advisory-303.html - Patch, Vendor Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/ -
References () https://seclists.org/bugtraq/2020/Jan/21 - Mailing List, Third Party Advisory () https://seclists.org/bugtraq/2020/Jan/21 - Mailing List, Third Party Advisory
References () https://www.debian.org/security/2020/dsa-4602 - Third Party Advisory () https://www.debian.org/security/2020/dsa-4602 - Third Party Advisory

07 Nov 2023, 03:06

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/', 'name': 'FEDORA-2019-865bb16900', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/', 'name': 'FEDORA-2019-cbb732f760', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/', 'name': 'FEDORA-2019-376ec5c107', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/ -

Information

Published : 2019-10-31 14:15

Updated : 2024-11-21 04:33


NVD link : CVE-2019-18422

Mitre link : CVE-2019-18422

CVE.ORG link : CVE-2019-18422


JSON object : View

Products Affected

debian

  • debian_linux

xen

  • xen

fedoraproject

  • fedora
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource