CVE & CISA-KEV Catalog

CVE-2019-18425

CRITICALEPSS 83th pctl
9.8
CVSS v3
NVD

Description

An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.

How to fix

Remediation Available
xenDebian
Fixed in:4.11.3+24-g14b62ab3e5-1CVE-2019-18425
Fixed in:4.11.3+24-g14b62ab3e5-1CVE-2019-18425
Fixed in:4.11.3+24-g14b62ab3e5-1CVE-2019-18425
Fixed in:4.11.3+24-g14b62ab3e5-1CVE-2019-18425

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

2.55%probability of exploitation in 30 days
83rdpercentile

Elevated risk: more likely to be exploited than 83% of all known CVEs.

References

Related Vulnerabilities

Other CWE-269 (Improper Privilege Management) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2017-12635Critical9.8100%-Fix
CVE-2022-24637Critical9.899%-Fix
CVE-2017-5689Critical9.892%KEVFix
CVE-2020-3243Critical9.888%--
CVE-2024-21888High8.887%--
CVE-2022-0441Critical9.885%-Fix
Embed a live status badge for CVE-2019-18425
CVE-2019-18425 severity badge

Markdown

[![CVE-2019-18425](https://tridentstack.com/cve/badge/CVE-2019-18425.svg)](https://tridentstack.com/cve/CVE-2019-18425)

HTML

<a href="https://tridentstack.com/cve/CVE-2019-18425"><img src="https://tridentstack.com/cve/badge/CVE-2019-18425.svg" alt="CVE-2019-18425"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.