CVE Vulnerabilities

CVE-2019-17343

Improper Locking

Published: Oct 08, 2019 | Modified: Mar 31, 2022
CVSS 3.x
6.8
MEDIUM
Source:
NVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
7.5 MODERATE
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.

Weakness

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Affected Software

Name Vendor Start Version End Version
Xen Xen * 4.11.2 (including)
Xen Ubuntu bionic *
Xen Ubuntu disco *
Xen Ubuntu eoan *
Xen Ubuntu esm-infra/bionic *
Xen Ubuntu esm-infra/xenial *
Xen Ubuntu groovy *
Xen Ubuntu hirsute *
Xen Ubuntu impish *
Xen Ubuntu trusty *
Xen Ubuntu xenial *

Extended Description

Locking is a type of synchronization behavior that ensures that multiple independently-operating processes or threads do not interfere with each other when accessing the same resource. All processes/threads are expected to follow the same steps for locking. If these steps are not followed precisely - or if no locking is done at all - then another process/thread could modify the shared resource in a way that is not visible or predictable to the original process. This can lead to data or memory corruption, denial of service, etc.

Potential Mitigations

References