Home

CVE-2018-19962

Description

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.181

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Citrix XenCenter 7.0Windows
Multiple Vulnerabilities are affected in Citrix XenCenter 7.5Windows
Vulnerabilities CVE-2018-19961,CVE-2018-19962,CVE-2018-19965 are affected in Citrix XenCenter 7.6Windows
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Desktop 12-SP3 ) xen-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Desktop 12-SP3 ) xen-debugsource-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Desktop 12-SP3 ) xen-libs-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Desktop 12-SP3 ) xen-libs-32bit-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Desktop 12-SP3 ) xen-libs-debuginfo-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Desktop 12-SP3 ) xen-libs-debuginfo-32bit-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Server 12-SP3 ) xen-doc-html-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Server 12-SP3 ) xen-tools-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Server 12-SP3 ) xen-tools-debuginfo-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Server 12-SP3 ) xen-tools-domU-4.9.3_03-3.47.1.x86_64.rpmLinux
SUSE-SU-2018:4070-1(SUSE Linux Enterprise Server 12-SP3 ) xen-tools-domU-debuginfo-4.9.3_03-3.47.1.x86_64.rpmLinux
Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19962)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234