CVE-2018-19961 - Incomplete Cleanup

Severity

69%

Complexity

34%

Confidentiality

165%

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.

CVSS 3.0 Base Score 7.8. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

CVSS 2.0 Base Score 6.9. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C).

Demo Examples

Incomplete Cleanup

CWE-459

Stream resources in a Java application should be released in a finally block, otherwise an exception thrown before the call to close() would result in an unreleased I/O resource. In the example below, the close() method is called in the try block (incorrect).


               
}
is.close();
log.error("Something bad happened: " + t.getMessage());

Overview

First reported 6 years ago

2018-12-08 04:29:00

Last updated 5 years ago

2019-10-03 00:03:00

Affected Software

Xen

Debian Linux 9.0

9.0

Citrix XenServer 7.0

7.0

Citrix XenServer 7.5

7.5

References

openSUSE-SU-2019:1226

106182

Third Party Advisory, VDB Entry

[debian-lts-announce] 20191008 [SECURITY] [DLA 1949-1] xen security update

FEDORA-2019-bce6498890

https://support.citrix.com/article/CTX239432

Third Party Advisory

DSA-4369

Third Party Advisory

https://xenbits.xen.org/xsa/advisory-275.html

Patch, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.