CVE-2018-19965

CVSS v3.0 5.6 (Medium)

CVSS v2.0 4.7 (Medium)

EPSS 0.06 % (28^th)

Affected Products 3

Advisories 14

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.

Weaknesses

CWE-NVD-noinfo

Related CVEs

CVE-2017-5754

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2018-12-08 04:29:00
(5 years ago)
Updated Date: 2023-11-07 02:55:46
(10 months ago)

Affected Products

Citrix

Xenserver

Debian

Debian Linux

Xen

Configuration #1

		CPE23	From	Up To
	Xen 4.11.1 and prior versions	cpe:2.3:o:xen:xen		<= 4.11.1

Configuration #2

		CPE23	From	Up To
	Citrix Xenserver 7.0	cpe:2.3:a:citrix:xenserver:7.0
	Citrix Xenserver 7.1 Cu1	cpe:2.3:a:citrix:xenserver:7.1:cu1:::ltsr
	Citrix Xenserver 7.5	cpe:2.3:a:citrix:xenserver:7.5
	Citrix Xenserver 7.6	cpe:2.3:a:citrix:xenserver:7.6

Configuration #3

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0