Input validation error in Xen

#VU22541 Input validation error in Xen

Published: 2019-11-06

Vulnerability identifier: #VU22541

Vulnerability risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-18420

CWE-ID: CWE-20

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Xen
Server applications / Virtualization software

Vendor: Xen Project

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the VCPUOP_initialise hypercall in Xen. A remote user on a guest operating system can run a specially crafted program and perform a denial of service attack against the host operating system.

Mitigation

xsa296.patch           Xen 4.9 ... unstable
xsa296-4.8.patch       Xen 4.7 ... 4.8

$ sha256sum xsa296*
71bd433f788dd511fad90165bc5ba9bcabe949eecd912f2a616e3c996960d67d  xsa296.meta
ccfd81b162b8535d952f56b1f87dfdd960e71bf07c1cf8388976e78e2e86cde5  xsa296.patch
b283be3df6789402553172b7fd582bfffb4fa72a6b33543439bd2fb1b87bfbd4  xsa296-4.8.patch
$

Vulnerable software versions

Xen: 4.6.0 - 4.9.4

External links
http://www.openwall.com/lists/oss-security/2019/10/31/1
http://xenbits.xen.org/xsa/advisory-296.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Input validation error in xen (Alpine package)

Gentoo update for Xen

Debian update for xen

OpenSUSE Linux update for xen

Multiple vulnerabilities in Xen