CVE-2018-19961

Опубликовано: 08 дек. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 6.9

EPSS Низкий

Описание

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html
http://www.securityfocus.com/bid/106182
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2019/10/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXC6BME7SXJI2ZIATNXCAH7RGPI4UKTT/
https://support.citrix.com/article/CTX239432
Third Party Advisory
https://www.debian.org/security/2019/dsa-4369
Third Party Advisory
https://xenbits.xen.org/xsa/advisory-275.html
Patch
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html
http://www.securityfocus.com/bid/106182
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2019/10/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXC6BME7SXJI2ZIATNXCAH7RGPI4UKTT/
https://support.citrix.com/article/CTX239432
Third Party Advisory
https://www.debian.org/security/2019/dsa-4369
Third Party Advisory
https://xenbits.xen.org/xsa/advisory-275.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

Версия до 4.11.1 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:7.1:cu1:*:*:ltsr:*:*:*

cpe:2.3:a:citrix:xenserver:7.5:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:7.6:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00181

Низкий

7.8 High

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-459

Связанные уязвимости

CVE-2018-19961

CVSS3: 7.8

ubuntu

около 7 лет назад

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.

CVE-2018-19961

CVSS3: 8.1

redhat

около 7 лет назад

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.

CVE-2018-19961

CVSS3: 7.8

debian

около 7 лет назад

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, po ...

GHSA-qwxp-946x-p86v

CVSS3: 7.8

github

больше 3 лет назад

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.

BDU:2019-01305

CVSS3: 7.8

fstec

около 7 лет назад

Уязвимость гипервизора Xen, связанная с ошибками очистки буфера ассоциативной трансляции (TLB), позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 40%

0.00181

Низкий

7.8 High

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-459