{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-14T22:06:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-284.html"}, {"tags": ["x_refsource_MISC"], "url": "https://xenbits.xen.org/xsa/advisory-284.html"}, {"name": "[oss-security] 20191025 Xen Security Advisory 284 v3 (CVE-2019-17340) - grant table transfer issues on large hosts", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/10/25/1"}, {"name": "DSA-4602", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4602"}, {"name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2020/Jan/21"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17340", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://xenbits.xen.org/xsa/advisory-284.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-284.html"}, {"name": "https://xenbits.xen.org/xsa/advisory-284.html", "refsource": "MISC", "url": "https://xenbits.xen.org/xsa/advisory-284.html"}, {"name": "[oss-security] 20191025 Xen Security Advisory 284 v3 (CVE-2019-17340) - grant table transfer issues on large hosts", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/1"}, {"name": "DSA-4602", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4602"}, {"name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/21"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:40:14.863Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://xenbits.xen.org/xsa/advisory-284.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://xenbits.xen.org/xsa/advisory-284.html"}, {"name": "[oss-security] 20191025 Xen Security Advisory 284 v3 (CVE-2019-17340) - grant table transfer issues on large hosts", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/10/25/1"}, {"name": "DSA-4602", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4602"}, {"name": "20200114 [SECURITY] [DSA 4602-1] xen security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2020/Jan/21"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17340", "datePublished": "2019-10-08T00:03:29", "dateReserved": "2019-10-07T00:00:00", "dateUpdated": "2024-08-05T01:40:14.863Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "D20D1369-7594-435B-8664-9CBA3917A05D", "versionEndIncluding": "4.11.2", "versionStartIncluding": "3.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Xen versiones hasta 4.11.x, permitiendo a usuarios del sistema operativo invitado de x86, causar una denegaci\u00f3n de servicio u alcanzar privilegios porque las peticiones de transferencia grant-table son manejadas inapropiadamente."}], "id": "CVE-2019-17340", "lastModified": "2022-03-31T18:09:55.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-08T01:15:10.453", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/10/25/1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-284.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2020/Jan/21"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4602"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://xenbits.xen.org/xsa/advisory-284.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "xen: mishanding grant-table transfer allows x86 guest OS to cause a DoS or escalate their privileges", "id": "1771349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1771349"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.", "A flaw was found in xen. When the code processing grant table transfer requests finds a page with an address too large to be represented in the interface with the guest, it allocates a replacement page and copies page contents. The page as well as certain other remnants of an affected guest will be leaked due to being unfreeable upon domain cleanup. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2019-17340", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "kernel-xen", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2019-10-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-17340\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17340"], "threat_severity": "Important"}