Vulnerability Description
An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | <= 4.12.1 |
| Linux | Linux Kernel | < 5.2.3 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2019/10/25/9
- http://xenbits.xen.org/xsa/advisory-300.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3Third Party Advisory
- https://github.com/torvalds/linux/commit/6ef36ab967c71690ebe7e5ef997a8be4da3bc84PatchThird Party Advisory
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://usn.ubuntu.com/4286-1/
- https://usn.ubuntu.com/4286-2/
- https://xenbits.xen.org/xsa/advisory-300.htmlVendor Advisory
- http://www.openwall.com/lists/oss-security/2019/10/25/9
- http://xenbits.xen.org/xsa/advisory-300.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3Third Party Advisory
- https://github.com/torvalds/linux/commit/6ef36ab967c71690ebe7e5ef997a8be4da3bc84PatchThird Party Advisory
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://usn.ubuntu.com/4286-1/
- https://usn.ubuntu.com/4286-2/
FAQ
What is CVE-2019-17351?
CVE-2019-17351 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource ...
How severe is CVE-2019-17351?
CVE-2019-17351 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-17351?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen, Linux Linux Kernel.