Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2020-01475

Опубликовано: 31 окт. 2019
Источник: fstec
CVSS3: 6.8
CVSS2: 6.9
EPSS Низкий

Описание

Уязвимость гипервизора Xen связана с ошибкой надежного домена, который может получать доступ к физическому устройству. Эксплуатация уязвимости может позволить нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Вендор

Сообщество свободного программного обеспечения
ООО «РусБИТех-Астра»
Fedora Project
Novell Inc.
The Linux Foundation
АО «Концерн ВНИИНС»

Наименование ПО

Debian GNU/Linux
Astra Linux Special Edition
Fedora
OpenSUSE Leap
Xen
ОС ОН «Стрелец»

Версия ПО

9 (Debian GNU/Linux)
1.6 «Смоленск» (Astra Linux Special Edition)
29 (Fedora)
15.0 (OpenSUSE Leap)
30 (Fedora)
8 (Debian GNU/Linux)
31 (Fedora)
до 4.12.1 включительно (Xen)
до 16.01.2023 (ОС ОН «Стрелец»)

Тип ПО

Операционная система
ПО виртуализации/ПО виртуального программно-аппаратного средства

Операционные системы и аппаратные платформы

Сообщество свободного программного обеспечения Debian GNU/Linux 9
ООО «РусБИТех-Астра» Astra Linux Special Edition 1.6 «Смоленск»
Fedora Project Fedora 29
Novell Inc. OpenSUSE Leap 15.0
Fedora Project Fedora 30
Сообщество свободного программного обеспечения Debian GNU/Linux 8
Fedora Project Fedora 31
АО «Концерн ВНИИНС» ОС ОН «Стрелец» до 16.01.2023

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6,9)
Средний уровень опасности (базовая оценка CVSS 3.0 составляет 6,8)

Возможные меры по устранению уязвимости

Использование рекомендаций:
Для Xen:
Обновление программного обеспечения до 5.4.19-1 или более поздней версии
Для Debian GNU/Linux:
Обновление программного обеспечения (пакета linux) до 4.9.168-1+deb9u5 или более поздней версии
Для Astra Linux:
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20200327SE16
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/
Для программных продуктов Novell Inc.:
https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html
Для ОС ОН «Стрелец»:
Обновление программного обеспечения xen до версии 4.8.5.final+shim4.10.4-1+deb9u12

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 31%
0.00118
Низкий

6.8 Medium

CVSS3

6.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2019-18424

CVSS3: 6.8
ubuntu
больше 6 лет назад

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pas...

redhat логотип

CVE-2019-18424

CVSS3: 7.6
redhat
больше 6 лет назад

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pas...

nvd логотип

CVE-2019-18424

CVSS3: 6.8
nvd
больше 6 лет назад

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-t

debian логотип

CVE-2019-18424

CVSS3: 6.8
debian
больше 6 лет назад

An issue was discovered in Xen through 4.12.x allowing attackers to ga ...

github логотип

GHSA-3q68-jh6h-39cm

CVSS3: 6.8
github
больше 3 лет назад

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pas...

EPSS

Процентиль: 31%
0.00118
Низкий

6.8 Medium

CVSS3

6.9 Medium

CVSS2