Home

CVE-2018-19961

Description

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.181

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Citrix XenCenter 7.0Windows
Multiple Vulnerabilities are affected in Citrix XenCenter 7.5Windows
Vulnerabilities CVE-2018-19961,CVE-2018-19962,CVE-2018-19965 are affected in Citrix XenCenter 7.6Windows
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Desktop 12-SP3 ) xen-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Desktop 12-SP3 ) xen-debugsource-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Desktop 12-SP3 ) xen-libs-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Desktop 12-SP3 ) xen-libs-32bit-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Desktop 12-SP3 ) xen-libs-debuginfo-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Desktop 12-SP3 ) xen-libs-debuginfo-32bit-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Server 12-SP3 ) xen-doc-html-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Server 12-SP3 ) xen-tools-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Server 12-SP3 ) xen-tools-debuginfo-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Server 12-SP3 ) xen-tools-domU-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Server 12-SP3 ) xen-tools-domU-debuginfo-4.9.3_03-3.47.1.x86_64.rpmLinux
Incomplete Cleanup Vulnerability (CVE-2018-19961)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234