CVE-2018-19965
Advisory lineage Upstream: 0 Downstream: 13
Modified
Published: 08 Dec 2018, 04:00
Last modified:05 Aug 2024, 11:51
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.6 MEDIUM
v3.0 (nvd)
EPSS Score
0.18% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
08 Dec 2018, 04:00
Published
Vulnerability first disclosed
05 Aug 2024, 11:51
Last Modified
Vulnerability information updated
Description
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.
CVSS Metrics
- v3.0•MEDIUM•Score: 5.6CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 4.7AV:L/AC:M/Au:N/C:N/I:N/A:C
EPSS Trends
Current EPSS score: 0.18%• Percentile: 39%
Affected Systems
- citrix•xenserver
7.0 | 7.1:cu1 | 7.5 | 7.6
- debian•debian_linux
9.0
- xen•xen
≤ 4.11.1
References (6)
- https://support.citrix.com/article/CTX239432
- https://xenbits.xen.org/xsa/advisory-279.html
- https://www.debian.org/security/2019/dsa-4369
- http://www.securityfocus.com/bid/106182
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXC6BME7SXJI2ZIATNXCAH7RGPI4UKTT/
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html