{"api_version":"1","generated_at":"2026-04-23T09:37:14+00:00","cve":"CVE-2018-19962","urls":{"html":"https://cve.report/CVE-2018-19962","api":"https://cve.report/api/cve/CVE-2018-19962.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-19962","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-19962"},"summary":{"title":"CVE-2018-19962","description":"An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-12-08 04:29:00","updated_at":"2023-11-07 02:55:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html","name":"openSUSE-SU-2019:1226","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:1226-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00008.html","name":"[debian-lts-announce] 20191008 [SECURITY] [DLA 1949-1] xen security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1949-1] xen security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/106182","name":"106182","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Xen Multiple Privilege Escalation and Denial of Service Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXC6BME7SXJI2ZIATNXCAH7RGPI4UKTT/","name":"FEDORA-2019-bce6498890","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 28 Update: xen-4.10.3-2.fc28 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://xenbits.xen.org/xsa/advisory-275.html","name":"https://xenbits.xen.org/xsa/advisory-275.html","refsource":"MISC","tags":["Patch","Vendor Advisory"],"title":"XSA-275 - Xen Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2019/dsa-4369","name":"DSA-4369","refsource":"DEBIAN","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-4369-1 xen","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.citrix.com/article/CTX239432","name":"https://support.citrix.com/article/CTX239432","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"Citrix XenServer Security Update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXC6BME7SXJI2ZIATNXCAH7RGPI4UKTT/","name":"FEDORA-2019-bce6498890","refsource":"","tags":[],"title":"[SECURITY] Fedora 28 Update: xen-4.10.3-2.fc28 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-19962","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19962","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"19962","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xenserver","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19962","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xenserver","cpe6":"7.1","cpe7":"cu1","cpe8":"*","cpe9":"*","cpe10":"ltsr","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19962","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xenserver","cpe6":"7.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19962","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xenserver","cpe6":"7.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19962","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xenserver","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19962","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xenserver","cpe6":"7.1","cpe7":"cu1","cpe8":"*","cpe9":"*","cpe10":"ltsr","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19962","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xenserver","cpe6":"7.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19962","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"citrix","cpe5":"xenserver","cpe6":"7.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19962","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19962","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19962","vulnerable":"1","versionEndIncluding":"4.11.1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"xen","cpe5":"xen","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-19962","qid":"500751","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2018-19962","qid":"504528","title":"Alpine Linux Security Update for xen"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-19962","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://support.citrix.com/article/CTX239432","refsource":"CONFIRM","url":"https://support.citrix.com/article/CTX239432"},{"name":"DSA-4369","refsource":"DEBIAN","url":"https://www.debian.org/security/2019/dsa-4369"},{"name":"106182","refsource":"BID","url":"http://www.securityfocus.com/bid/106182"},{"name":"https://xenbits.xen.org/xsa/advisory-275.html","refsource":"MISC","url":"https://xenbits.xen.org/xsa/advisory-275.html"},{"refsource":"FEDORA","name":"FEDORA-2019-bce6498890","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXC6BME7SXJI2ZIATNXCAH7RGPI4UKTT/"},{"refsource":"SUSE","name":"openSUSE-SU-2019:1226","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20191008 [SECURITY] [DLA 1949-1] xen security update","url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00008.html"}]}},"nvd":{"publishedDate":"2018-12-08 04:29:00","lastModifiedDate":"2023-11-07 02:55:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.1,"impactScore":6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":6.9},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*","versionEndIncluding":"4.11.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:citrix:xenserver:7.5:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:citrix:xenserver:7.6:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:citrix:xenserver:7.1:cu1:*:*:ltsr:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"19962","Ordinal":"138810","Title":"CVE-2018-19962","CVE":"CVE-2018-19962","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"19962","Ordinal":"1","NoteData":"An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"19962","Ordinal":"2","NoteData":"2018-12-07","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"19962","Ordinal":"3","NoteData":"2019-10-08","Type":"Other","Title":"Modified"}]}}}