Race condition in xen (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-19580 |
| CWE-ID | CWE-362 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
xen (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Race condition
EUVDB-ID: #VU31977
Risk: Low
CVSSv3.1: 6.6 [CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19580
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice.
MitigationInstall update from vendor's website.
Vulnerable software versionsxen (Alpine package): 4.9.0-r0 - 4.10.4-r1
External linkshttp://git.alpinelinux.org/aports/commit/?id=95332e4ed106c72d58a0a5490d0f608e3d76b83e
http://git.alpinelinux.org/aports/commit/?id=05b5ec57508952a3bf13538e1f72d2a5e9357796
http://git.alpinelinux.org/aports/commit/?id=29678cb92eeeb6dc96ec2e86481345797474ddb8
http://git.alpinelinux.org/aports/commit/?id=6a020fa149b82307ca356d1a3fe861420eb56d49
http://git.alpinelinux.org/aports/commit/?id=58d7b94f0134f00815145d95ee720d36d645c72e
http://git.alpinelinux.org/aports/commit/?id=5b04af6c9b65512ad9ff6f687e8651189bd186c5
http://git.alpinelinux.org/aports/commit/?id=8d6c01f17f4285e0142442bb8afcce72f4bd280b
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
