CVE-2019-18420

Name: CVE-2019-18420
Creator: NVD / NIST
Published: 2019-10-31T14:15:10.65+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 2.52%

Last modified Jun 17, 2026

CVE-2019-18420 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. EPSS estimates a 2.52% chance of exploitation in the next 30 days.

Description

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

2.52%

82.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-134

Affected Software

Vendor	Product	Versions
Xen	Xen	<= 4.12.1
Debian	Debian Linux	9.0
Debian	Debian Linux	10.0
Fedoraproject	Fedora	29
Fedoraproject	Fedora	30
Fedoraproject	Fedora	31

References

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.htmlBroken Link, Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/10/31/1Mailing List, Patch, Third Party Advisory
http://xenbits.xen.org/xsa/advisory-296.htmlPatch, Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/
https://seclists.org/bugtraq/2020/Jan/21Mailing List, Third Party Advisory
https://security.gentoo.org/glsa/202003-56Third Party Advisory
https://www.debian.org/security/2020/dsa-4602Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00037.htmlBroken Link, Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/10/31/1Mailing List, Patch, Third Party Advisory
http://xenbits.xen.org/xsa/advisory-296.htmlPatch, Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BQKX7M2RHCWDBKNPX4KEBI3MJIH6AYZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/
https://seclists.org/bugtraq/2020/Jan/21Mailing List, Third Party Advisory
https://security.gentoo.org/glsa/202003-56Third Party Advisory
https://www.debian.org/security/2020/dsa-4602Third Party Advisory

Timeline

Published: Oct 31, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-18420?

How severe is CVE-2019-18420?

CVE-2019-18420 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 2.52% probability of exploitation in the next 30 days.

How do I fix CVE-2019-18420?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-18420?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST