CVE-2020-15563

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards are affected. Xen versions 4.7 and earlier are not affected. Only x86 systems are affected. Arm systems are not affected. Only x86 HVM guests using shadow paging can leverage the vulnerability. In addition, there needs to be an entity actively monitoring a guest's video frame buffer (typically for display purposes) in order for such a guest to be able to leverage the vulnerability. x86 PV guests, as well as x86 HVM guests using hardware assisted paging (HAP), cannot leverage the vulnerability.

References

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html

http://www.openwall.com/lists/oss-security/2020/07/07/3

http://xenbits.xen.org/xsa/advisory-319.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/

https://lists.fedoraproject.org/archives/list/[email protected]/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP/

https://security.gentoo.org/glsa/202007-02

https://www.debian.org/security/2020/dsa-4723

Details

Source: MITRE

Published: 2020-07-07

Updated: 2020-07-27

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.7

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Impact Score: 4

Exploitability Score: 2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:* versions from 4.8.0 to 4.13.1 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:10:*:*:*:*:*:*:*

Tenable Plugins

View all (12 total)

IDNameProductFamilySeverity
149087Xen Inverted Conditional DoS (XSA-319)NessusMisc.
medium
138925GLSA-202007-02 : Xen: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
138864Fedora 31 : xen (2020-76cf2b0f0a)NessusFedora Local Security Checks
high
138749openSUSE Security Update : xen (openSUSE-2020-985)NessusSuSE Local Security Checks
high
138741openSUSE Security Update : xen (openSUSE-2020-965)NessusSuSE Local Security Checks
high
138535Fedora 32 : xen (2020-fbc13516af)NessusFedora Local Security Checks
high
138495SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:1902-1)NessusSuSE Local Security Checks
high
138492SUSE SLES12 Security Update : xen (SUSE-SU-2020:1891-1)NessusSuSE Local Security Checks
high
138434SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:1889-1)NessusSuSE Local Security Checks
high
138433SUSE SLES12 Security Update : xen (SUSE-SU-2020:1887-1)NessusSuSE Local Security Checks
high
138432SUSE SLES12 Security Update : xen (SUSE-SU-2020:1886-1)NessusSuSE Local Security Checks
high
138394Debian DSA-4723-1 : xen - security updateNessusDebian Local Security Checks
high