Bug 1767730 (CVE-2019-18424)
| Summary: | CVE-2019-18424 xen: passed through PCI devices may corrupt host memory after deassignment leading to privilege escalation | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | acaringi, ailan, bhu, brdeoliv, dhoward, drjones, dvlasenk, fhrbata, hkrzesin, imammedo, jforbes, jshortt, jstancek, knoel, m.a.young, mrezanin, nmurray, pbonzini, rkrcmar, robinlee.sysu, rvrbovsk, vkuznets, xen-maint |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | A flaw was found in Xen. A PCI device assigned to an untrusted domain can be programmed to perform DMA to an arbitrary address. When the guest domain is removed, the device is assigned back to dom0, allowing any in-flight DMA to potentially target critical host data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-02-24 15:17:40 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1767731 | ||
| Bug Blocks: | 1762982 | ||
Description
Marian Rehak
2019-11-01 09:04:50 UTC
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1767731]

External References:

http://xenbits.xen.org/xsa/advisory-302.html