1771344 – (CVE-2019-18423) CVE-2019-18423 xen: add-to-physmap can be abused to DoS Arm hosts

Bug 1771344 (CVE-2019-18423) - CVE-2019-18423 xen: add-to-physmap can be abused to DoS Arm hosts

Summary: CVE-2019-18423 xen: add-to-physmap can be abused to DoS Arm hosts

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2019-18423
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1771345
Blocks:	1762982
TreeView+	depends on / blocked

Reported:	2019-11-12 08:39 UTC by Marian Rehak
Modified:	2020-02-24 15:11 UTC (History)
CC List:	23 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2020-02-24 15:11:11 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2019-11-12 08:39:45 UTC

The problem could be triggered with a specially crafted hypercall XENMEM_add_to_physmap{, _batch} followed by an access to an address (via hypercall or direct access) that passes the sanity check but cause p2m_get_root_pointer() to return NULL.

Upstream advisory and patch:

http://xenbits.xen.org/xsa/advisory-301.html

Comment 1 Marian Rehak 2019-11-12 08:39:56 UTC

Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1771345]

Comment 2 Marian Rehak 2019-11-12 08:44:56 UTC

Xen version 4.8 and newer are vulnerable.
Only Arm systems are vulnerable. x86 systems are not affected.

Note You need to log in before you can comment on or make changes to this bug.

acaringi
ailan
bhu
brdeoliv
dhoward
drjones
dvlasenk
fhrbata
hkrzesin
imammedo
jforbes
jshortt
jstancek
knoel
m.a.young
mrezanin
nmurray
pbonzini
rkrcmar
robinlee.sysu
rvrbovsk
vkuznets
xen-maint