Bug 1771344 (CVE-2019-18423) - CVE-2019-18423 xen: add-to-physmap can be abused to DoS Arm hosts
Summary: CVE-2019-18423 xen: add-to-physmap can be abused to DoS Arm hosts
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2019-18423
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1771345
Blocks: 1762982
TreeView+ depends on / blocked
 
Reported: 2019-11-12 08:39 UTC by Marian Rehak
Modified: 2020-02-24 15:11 UTC (History)
23 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-02-24 15:11:11 UTC


Attachments (Terms of Use)

Description Marian Rehak 2019-11-12 08:39:45 UTC
The problem could be triggered with a specially crafted hypercall XENMEM_add_to_physmap{, _batch} followed by an access to an address (via hypercall or direct access) that passes the sanity check but cause p2m_get_root_pointer() to return NULL.

Upstream advisory and patch:

http://xenbits.xen.org/xsa/advisory-301.html

Comment 1 Marian Rehak 2019-11-12 08:39:56 UTC
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1771345]

Comment 2 Marian Rehak 2019-11-12 08:44:56 UTC
Xen version 4.8 and newer are vulnerable.
Only Arm systems are vulnerable. x86 systems are not affected.


Note You need to log in before you can comment on or make changes to this bug.