Xen through 4.11.x Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) Vulnerability

Summary

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users

Credit:

The information has been provided by Jan Beulich

The original article can be found at:https://xenbits.xen.org/xsa/advisory-285.html

 


Details

Cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.

Vulnerable Systems:

Xen through 4.11.x

CVE Information:

CVE-2019-17341

Disclosure Timeline:
Published Date:10/07/2019