CVE-2018-19962

Опубликовано: 08 дек. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 6.9

EPSS Низкий

Описание

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html
http://www.securityfocus.com/bid/106182
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2019/10/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXC6BME7SXJI2ZIATNXCAH7RGPI4UKTT/
https://support.citrix.com/article/CTX239432
Third Party Advisory
https://www.debian.org/security/2019/dsa-4369
Third Party Advisory
https://xenbits.xen.org/xsa/advisory-275.html
Patch
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html
http://www.securityfocus.com/bid/106182
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2019/10/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXC6BME7SXJI2ZIATNXCAH7RGPI4UKTT/
https://support.citrix.com/article/CTX239432
Third Party Advisory
https://www.debian.org/security/2019/dsa-4369
Third Party Advisory
https://xenbits.xen.org/xsa/advisory-275.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

Версия до 4.11.1 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:7.1:cu1:*:*:ltsr:*:*:*

cpe:2.3:a:citrix:xenserver:7.5:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:7.6:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00181

Низкий

7.8 High

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2018-19962

CVSS3: 7.8

ubuntu

около 7 лет назад

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.

CVE-2018-19962

CVSS3: 8.1

redhat

около 7 лет назад

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.

CVE-2018-19962

CVSS3: 7.8

debian

около 7 лет назад

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, po ...

GHSA-2hh5-jxwx-3pwr

CVSS3: 7.8

github

больше 3 лет назад

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.

BDU:2019-01306

CVSS3: 7.8

fstec

около 7 лет назад

Уязвимость гипервизора Xen, связанная с небезопасным объединением небольших IOMMU с более крупными, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 40%

0.00181

Низкий

7.8 High

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-200