1. Home
  2. CVE Database
  3. CVE-2018-19966
HIGH · 8.8

CVE-2018-19966

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for ...

Vulnerability Description

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
XenXen>= 4.11.0, <= 4.11.1
DebianDebian Linux9.0

Related Weaknesses (CWE)

CWE-436

References

FAQ

What is CVE-2018-19966?

CVE-2018-19966 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for ...

How severe is CVE-2018-19966?

CVE-2018-19966 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-19966?

Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen, Debian Debian Linux.