Bug 1771340 (CVE-2019-18425)
| Summary: | CVE-2019-18425 xen: missing descriptor table limit checking in x86 PV emulation leading to privilege escalation | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | acaringi, ailan, bhu, brdeoliv, dhoward, drjones, dvlasenk, fhrbata, hkrzesin, imammedo, jforbes, jshortt, jstancek, knoel, m.a.young, mrezanin, nmurray, pbonzini, rkrcmar, robinlee.sysu, rvrbovsk, vkuznets, xen-maint |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was in Xen. Guest specified limits for descriptor table access, during PV guest operations, were found to not be enforced. An attacker with the ability to emulate 32-bit guest user mode calls through call gates, would be allowed to install and then use descriptors of their choice as long as the guest kernel did not, itself, install an LDT. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-02-24 15:18:19 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1771341 | ||
| Bug Blocks: | 1762982 | ||
|
Description
Marian Rehak
2019-11-12 08:33:19 UTC
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1771341] External References: http://xenbits.xen.org/xsa/advisory-298.html |