{
  "threat_severity" : "Important",
  "public_date" : "2019-10-31T00:00:00Z",
  "bugzilla" : {
    "description" : "xen: mishandling grant-table transfer allows x86 guest OS users to cause a DoS or escalate their privileges",
    "id" : "1771349",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1771349"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.1",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-20",
  "details" : [ "An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.", "A flaw was found in xen. When the code processing grant table transfer requests finds a page with an address too large to be represented in the interface with the guest, it allocates a replacement page and copies page contents. The page as well as certain other remnants of an affected guest will be leaked due to being unfreeable upon domain cleanup. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-xen",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-17340\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17340" ],
  "name" : "CVE-2019-17340",
  "csaw" : false
}