Xen CVE-2019-18423 Denial of Service Vulnerability

2019-10-3100:00:00

Symantec Security Response

www.symantec.com

0.009 Low

EPSS

Percentile

82.8%

JSON

Description

Xen is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash hypervisor, denying service to legitimate users. Xen version 4.8 and later are vulnerable.

Technologies Affected

Xen Xen 4.10
Xen Xen 4.10.0
Xen Xen 4.10.1
Xen Xen 4.10.2
Xen Xen 4.11.0
Xen Xen 4.12.0
Xen Xen 4.8.0
Xen Xen 4.8.4
Xen Xen 4.9
Xen Xen 4.9.0
Xen Xen 4.9.1
Xen Xen 4.9.2
Xen Xen 4.9.3

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Allow only trusted individuals to have user accounts and local access to the resources.

Block external access at the network boundary, unless external parties require service.
If global access isn’t needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.

Updates are available. Please see the references or vendor advisory for more information.

CPENameOperatorVersion
xen xeneq4.8.4
xen xeneq4.9.3
xen xeneq4.12.0
xen xeneq4.9.1
xen xeneq4.10
xen xeneq4.10.1
xen xeneq4.10.0
xen xeneq4.9.0
xen xeneq4.9.2
xen xeneq4.9