CVE-2019-19580 : An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.

Published 2019-12-11 18:16:19

Updated 2020-01-03 22:15:12

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-19580

XEN » XEN » For X86
Versions up to, including, (<=) 4.12.1
cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*
Matching versions
Fedoraproject » Fedora » Version: 31
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-19580

EPSS FAQ

0.66%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 70 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-19580

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.0	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:P	6.8	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.6	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	0.7	5.9	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-19580

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-19580

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html

[security-announce] openSUSE-SU-2020:0011-1: important: Security update

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/

[SECURITY] Fedora 31 Update: xen-4.12.1-8.fc31 - package-announce - Fedora Mailing-Lists
Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2020/dsa-4602

Debian -- Security Information -- DSA-4602-1 xen

CVEs referencing this url
https://seclists.org/bugtraq/2020/Jan/21

Bugtraq: [SECURITY] [DSA 4602-1] xen security update

CVEs referencing this url
https://security.gentoo.org/glsa/202003-56

Xen: Multiple vulnerabilities (GLSA 202003-56) — Gentoo security

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/

[SECURITY] Fedora 30 Update: xen-4.11.3-2.fc30 - package-announce - Fedora Mailing-Lists

CVEs referencing this url
https://xenbits.xen.org/xsa/advisory-310.html

XSA-310 - Xen Security Advisories
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2019-19580

Products affected by CVE-2019-19580

Exploit prediction scoring system (EPSS) score for CVE-2019-19580

CVSS scores for CVE-2019-19580

CWE ids for CVE-2019-19580

References for CVE-2019-19580