Home > Vulnerability Database > CVE-2019-18424

Mend.io Vulnerability Database

CVE-2019-18424

Good to know:

Date: October 31, 2019

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.

Language: C

Severity Score

6.8

Related Resources (19)

Url: https://seclists.org/bugtraq/2020/Jan/21

Url: https://access.redhat.com/security/cve/CVE-2019-18424

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18424

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-18424

Url: https://security-tracker.debian.org/tracker/CVE-2019-18424

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/

Url: http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.html

Url: https://github.com/xen-project/xen/commit/319f9a0ba94c7db505cd5dd9cb0b037ab1aa8e12

Url: http://www.openwall.com/lists/oss-security/2019/10/31/6

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/

Url: https://security.gentoo.org/glsa/202003-56

Url: https://security.alpinelinux.org/vuln/CVE-2019-18424

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/

Url: https://www.debian.org/security/2020/dsa-4602

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/

Url: http://xenbits.xen.org/xsa/advisory-302.html

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/

Url: https://www.mend.io/vulnerability-database/CVE-2019-18424

Severity Score

6.8

Weakness Type (CWE)

OS Command Injections

CWE-78

Top Fix

Upgrade Version

Upgrade to version 4.13.0-rc2

Learn More

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	PHYSICAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.9
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-18424

Good to know:

Date: October 31, 2019

Language: C

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?