First published: Thu Oct 31 2019
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/xen | 4.11.4+107-gef32c7afa2-1, 4.14.6-1, 4.14.5+94-ge49571868d-1, 4.17.2+76-ge1f9cb16e2-1~deb12u1, 4.17.2+76-ge1f9cb16e2-1 | |
Xen XAPI | <=4.12.1 | |
Debian | =9.0 | |
Debian | =10.0 | |
Fedora | =29 | |
Fedora | =30 | |
Fedora | =31 | |
SUSE Linux | =15.0 | |
CVE-2019-18424 has been classified with a high severity due to the potential for attackers to gain host OS privileges.
To fix CVE-2019-18424, upgrade to a version of Xen released after 4.12.1 or apply relevant patches provided by your distribution.
CVE-2019-18424 affects various versions of Xen, Debian, Fedora, and openSUSE systems that utilize certain versions of the Xen hypervisor.
CVE-2019-18424 is caused by improper handling of passed-through PCI devices that may corrupt host memory when deassigned.
Untrusted domains can exploit CVE-2019-18424 to gain elevated privileges on the host OS when they have been given direct access to a DMA-capable physical device.