CVE-2019-17351 - OpenCVE

An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Xen	Xen

Configuration 1 [-]

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2019/10/25/9
http://xenbits.xen.org/xsa/advisory-300.html
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3	Third Party Advisory
https://github.com/torvalds/linux/commit/6ef36ab967c71690ebe7e5ef997a8be4da3bc844	Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20191031-0005/
https://usn.ubuntu.com/4286-1/
https://usn.ubuntu.com/4286-2/
https://xenbits.xen.org/xsa/advisory-300.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-08T00:00:30

Updated: 2020-03-11T23:06:07

Reserved: 2019-10-07T00:00:00

Link: CVE-2019-17351

JSON object: View

NVD Information

Status : Modified

Published: 2019-10-08T00:15:10.617

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-17351

JSON object: View

Redhat Information

No data.

CWE

CWE-770

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-11T23:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-300.html"}, {"tags": ["x_refsource_MISC"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3"}, {"tags": ["x_refsource_MISC"], "url": "https://xenbits.xen.org/xsa/advisory-300.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/6ef36ab967c71690ebe7e5ef997a8be4da3bc844"}, {"name": "[oss-security] 20191025 Xen Security Advisory 300 v3 (CVE-2019-17351) - Linux: No grant table and foreign mapping limits", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/10/25/9"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"}, {"name": "USN-4286-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4286-2/"}, {"name": "USN-4286-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4286-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17351", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://xenbits.xen.org/xsa/advisory-300.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-300.html"}, {"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3"}, {"name": "https://xenbits.xen.org/xsa/advisory-300.html", "refsource": "MISC", "url": "https://xenbits.xen.org/xsa/advisory-300.html"}, {"name": "https://github.com/torvalds/linux/commit/6ef36ab967c71690ebe7e5ef997a8be4da3bc844", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/6ef36ab967c71690ebe7e5ef997a8be4da3bc844"}, {"name": "[oss-security] 20191025 Xen Security Advisory 300 v3 (CVE-2019-17351) - Linux: No grant table and foreign mapping limits", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/9"}, {"name": "https://security.netapp.com/advisory/ntap-20191031-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"}, {"name": "USN-4286-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4286-2/"}, {"name": "USN-4286-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4286-1/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17351", "datePublished": "2019-10-08T00:00:30", "dateReserved": "2019-10-07T00:00:00", "dateUpdated": "2020-03-11T23:06:07", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "44BCD11F-9BBA-47D2-94DF-C1E52317A7B3", "versionEndIncluding": "4.12.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "38844317-DEDF-4600-BA0E-C7D28D8EC200", "versionEndExcluding": "5.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7."}, {"lang": "es", "value": "Se detect\u00f3 un problema en el archivo drivers/xen/balloon.c en el kernel de Linux versiones anteriores a 5.2.3, como es usado en Xen versiones hasta 4.12.x, permitiendo a usuarios del sistema operativo invitado causar una denegaci\u00f3n de servicio debido al consumo de recursos sin restricciones durante la asignaci\u00f3n de la memoria de invitado , tambi\u00e9n se conoce como CID-6ef36ab967c7."}], "id": "CVE-2019-17351", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-08T00:15:10.617", "references": [{"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/9"}, {"source": "cve@mitre.org", "url": "http://xenbits.xen.org/xsa/advisory-300.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/6ef36ab967c71690ebe7e5ef997a8be4da3bc844"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4286-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4286-2/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://xenbits.xen.org/xsa/advisory-300.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}