#VU22536 Resource management error in Xen


Published: 2019-11-05

Vulnerability identifier: #VU22536

Vulnerability risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-18422

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Xen
Server applications / Virtualization software

Vendor: Xen Project

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack or possibly escalate privileges.

The vulnerability exists due to way Xen handles exceptions on ARM systems, without changing processor level. A local user can force a critical Xen code to run with interrupts erroneously enabled during exception entry that may lead to data corruption, denial of service and potential privilege escalation.

Note, the vulnerability affects ARM systems only.

Mitigation

Applying the appropriate attached patch resolves this issue.

xsa303/*.patch         xen-unstable .. Xen 4.9
xsa303-4.8/*.patch     Xen 4.8

$ sha256sum xsa303* xsa303*/*
66b3eb28cfa633999da7480a37cd919293eb87aa730e7bc58b12c47bcdb0c9c0  xsa303.meta
7769eee9b876cdb7dde2ec664d34a5067f9b639d5c543ee89ff2eda818f04cab  xsa303-4.8/0001-Revert-xen-arm32-entry-Consolidate-DEFINE_TRAP_ENTRY.patch
f1337aa8c4b38f4ab61e7206c7bd8f5c782583947d9b9e1e8c6f139db73ca2cb  xsa303-4.8/0002-xen-arm32-entry-Consolidate-DEFINE_TRAP_ENTRY-macros.patch
160ea6acfba85faf1cbb670b0a3873f025c0dab388f73018a22a61104e1a5fe1  xsa303-4.8/0003-xen-arm32-entry-Fold-the-macro-SAVE_ALL-in-the-macro.patch
2cc1e3282263f03c6b9c6e05039f84173b8dbc893a2cd88f80ce2275ff7478d8  xsa303-4.8/0004-xen-arm32-Don-t-blindly-unmask-interrupts-on-trap-wi.patch
63c4a90c45ae28032e0149353cafd495cce5caa8c84ad022d21b8078710e996d  xsa303-4.8/0005-xen-arm64-Don-t-blindly-unmask-interrupts-on-trap-wi.patch
4da48a29aaad85a410021952b2b3cb4dae14365c688e724ed7fc80feea1334df  xsa303/0001-xen-arm32-entry-Split-__DEFINE_ENTRY_TRAP-in-two.patch
99773cbfb6f0df5f0c83477c9dcd39127cb361213455bd2cb1f6bcfe4566d5a2  xsa303/0002-xen-arm32-entry-Fold-the-macro-SAVE_ALL-in-the-macro.patch
9e8241c311aa8da7fcb1da09b9d8b5a55c26a10f02355e37e97d1e7a3b6db7be  xsa303/0003-xen-arm32-Don-t-blindly-unmask-interrupts-on-trap-wi.patch
4c9bc0d0b27eff06f65f1a679263ffbcc8aa4c65117840284dc115ae49e7966d  xsa303/0004-xen-arm64-Don-t-blindly-unmask-interrupts-on-trap-wi.patch
$

Vulnerable software versions

Xen: 4.8.0 - 4.9.4


External links
http://www.openwall.com/lists/oss-security/2019/10/31/5
http://xenbits.xen.org/xsa/advisory-303.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability