Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-19965

Опубликовано: 08 дек. 2018
Источник: nvd
CVSS3: 5.6
CVSS2: 4.7
EPSS Низкий

Описание

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Версия до 4.11.1 (включая)
Конфигурация 2

Одно из

cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xenserver:7.1:cu1:*:*:ltsr:*:*:*
cpe:2.3:a:citrix:xenserver:7.5:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xenserver:7.6:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 40%
0.0018
Низкий

5.6 Medium

CVSS3

4.7 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2018-19965

CVSS3: 5.6
ubuntu
около 7 лет назад

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.

redhat логотип

CVE-2018-19965

CVSS3: 5.9
redhat
около 7 лет назад

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.

debian логотип

CVE-2018-19965

CVSS3: 5.6
debian
около 7 лет назад

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest ...

github логотип

GHSA-c3g2-qp55-6gjf

CVSS3: 5.6
github
больше 3 лет назад

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.

fstec логотип

BDU:2019-01307

CVSS3: 5.6
fstec
около 7 лет назад

Уязвимость гипервизора Xen, связанная с недостаточной обработкой данных при передаче адреса в код сброса TLB, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 40%
0.0018
Низкий

5.6 Medium

CVSS3

4.7 Medium

CVSS2

Дефекты

NVD-CWE-noinfo