Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2019-18424

Good to know:

icon
icon

Date: October 31, 2019

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.

Language: C

Severity Score

Related Resources (16)

https://seclists.org/bugtraq/2020/Jan/21
https://access.redhat.com/security/cve/CVE-2019-18424
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18424
https://nvd.nist.gov/vuln/detail/CVE-2019-18424
https://security-tracker.debian.org/tracker/CVE-2019-18424
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html
https://github.com/xen-project/xen/commit/319f9a0ba94c7db505cd5dd9cb0b037ab1aa8e12
http://www.openwall.com/lists/oss-security/2019/10/31/6
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/
https://security.gentoo.org/glsa/202003-56
https://security.alpinelinux.org/vuln/CVE-2019-18424
https://www.debian.org/security/2020/dsa-4602
http://xenbits.xen.org/xsa/advisory-302.html
https://www.mend.io/vulnerability-database/CVE-2019-18424

Severity Score

Weakness Type (CWE)

OS Command Injections

CWE-78

Top Fix

icon

Upgrade Version

Upgrade to version 4.13.0-rc2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): PHYSICAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us