CVE-2018-19967

Опубликовано: 08 дек. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4.9

EPSS Низкий

Описание

An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00057.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html
http://www.securityfocus.com/bid/106182
Third Party Advisory
VDB Entry
https://support.citrix.com/article/CTX239432
Third Party Advisory
https://www.debian.org/security/2019/dsa-4369
Third Party Advisory
https://xenbits.xen.org/xsa/advisory-282.html
Patch
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00057.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html
http://www.securityfocus.com/bid/106182
Third Party Advisory
VDB Entry
https://support.citrix.com/article/CTX239432
Third Party Advisory
https://www.debian.org/security/2019/dsa-4369
Third Party Advisory
https://xenbits.xen.org/xsa/advisory-282.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*

Версия до 4.11.1 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00072

Низкий

6.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2018-19967

CVSS3: 6.5

ubuntu

около 7 лет назад

CVE-2018-19967

CVSS3: 5.3

redhat

больше 7 лет назад

CVE-2018-19967

CVSS3: 6.5

debian

около 7 лет назад

An issue was discovered in Xen through 4.11.x on Intel x86 platforms a ...

openSUSE-SU-2019:1199-1

suse-cvrf

почти 7 лет назад

Recommended update for xen

SUSE-SU-2019:0875-1

suse-cvrf

почти 7 лет назад

Recommended update for xen

EPSS

Процентиль: 22%

0.00072

Низкий

6.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-20