SB2019111249 - Fedora 31 update for xen

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019111249

SB2019111249 - Fedora 31 update for xen

Published: November 12, 2019 Updated: April 25, 2025

Security Bulletin ID SB2019111249
Severity
Medium
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Medium 38% Low 63%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2018-12207)

The vulnerability allows a local user to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the mechanism responsible for error handling on some Intel platforms. A local user of a guest operating system can use a specially crafted application to trigger memory corruption and cause the host system to stop responding.

Successful exploitation of this vulnerability may result in a denial of service (DoS) attack.

Below is the list of processor families that are affected by this vulnerability:

Client:

  • Intel Core i3 Processors
  • Intel Core i5 Processors
  • Intel Core i7 Processors
  • Intel Core m Processor Family
  • 2nd generation Intel Core Processors
  • 3rd generation Intel Core Processors
  • 4th generation Intel Core Processors
  • 5th generation Intel Core Processors
  • 6th generation Intel Core Processors
  • 7th generation Intel Core Processors
  • 8th generation Intel Core Processors
  • Intel Core X-series Processor Family
  • Intel Pentium Gold Processor Series
  • Intel Celeron Processor G Series

Server:

  • 2nd Generation Intel Xeon Scalable Processors
  • Intel Xeon Scalable Processors
  • Intel Xeon Processor E7 v4 Family
  • Intel Xeon Processor E7 v3 Family
  • Intel Xeon Processor E7 v2 Family
  • Intel Xeon Processor E7 Family
  • Intel Xeon Processor E5 v4 Family
  • Intel Xeon Processor E5 v3 Family
  • Intel Xeon Processor E5 v2 Family
  • Intel Xeon Processor E5 Family
  • Intel Xeon Processor E3 v6 Family
  • Intel Xeon Processor E3 v5 Family
  • Intel Xeon Processor E3 v4 Family
  • Intel Xeon Processor E3 v3 Family
  • Intel Xeon Processor E3 v2 Family
  • Intel Xeon Processor E3 Family
  • Intel Xeon E Processor
  • Intel Xeon D Processor
  • Intel Xeon W Processor
  • Legacy Intel Xeon Processor

2) Resource management error (CVE-ID: CVE-2019-11135)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the TSX Asynchronous Abort (TAA) in Intel CPUs. The TAA condition, on some microprocessors utilizing speculative execution, may allow an authenticated user to potentially enable information disclosure via a side channel.

3) Input validation error (CVE-ID: CVE-2019-18420)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the VCPUOP_initialise hypercall in Xen. A remote user on a guest operating system can run a specially crafted program and perform a denial of service attack against the host operating system.


4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-18425)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to missing descriptor table limit checking in x86 PV emulation. A remote unprivileged user of a guest operating system can escalate privileges within the same guest system.

Note, only 32-bit PV guest is affected.


5) Race condition (CVE-ID: CVE-2019-18421)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a race condition when handling restartable PV type change operations. A remote administrator of a guest operating system can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


6) Resource management error (CVE-ID: CVE-2019-18423)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to the p2m_get_root_pointer() function in Xen ignores the unused top bits of a guest physical frame. A remote administrator of a guest operating system can use a specially crafted hypercall XENMEM_add_to_physmap{, _batch} followed by an access to an address (via hypercall or direct access) that passes the sanity check but cause p2m_get_root_pointer() to return NULL. As a result, the attacker can crash the hypervisor from the guest operating system.


7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-18424)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing assignment of PCI devices. A privileged user of a guest operating system can program the PCI device to directly access host memory. Once the PCI device is deassigned, the code will be written into host memory. A remote attacker can corrupt host memory and perform denial of service attack or escalate privileges on the system.


8) Resource management error (CVE-ID: CVE-2019-18422)

The vulnerability allows a local user to perform a denial of service (DoS) attack or possibly escalate privileges.

The vulnerability exists due to way Xen handles exceptions on ARM systems, without changing processor level. A local user can force a critical Xen code to run with interrupts erroneously enabled during exception entry that may lead to data corruption, denial of service and potential privilege escalation.

Note, the vulnerability affects ARM systems only.


Remediation

Install update from vendor's website.

References