CVE Daily

CVE-2018-19965

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users ...

Medium CVSS 5.6

Overview

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.

CWE: N/A Published: 2018-12-08T04:29:00.420
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 5.6 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags