CVE-2020-29481

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to Xenstore nodes from the previous domain(s) with the same domid. Because all Xenstore entries of a guest below /local/domain/<domid> are being deleted by Xen tools when a guest is destroyed, only Xenstore entries of other guests still running are affected. For example, a newly created guest domain might be able to read sensitive information that had belonged to a previously existing guest domain. Both Xenstore implementations (C and Ocaml) are vulnerable.

References

https://xenbits.xenproject.org/xsa/advisory-322.html

https://www.debian.org/security/2020/dsa-4812

http://www.openwall.com/lists/oss-security/2020/12/16/3

https://lists.fedoraproject.org/archives/list/[email protected]/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/

https://lists.fedoraproject.org/archives/list/[email protected]/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/

Details

Source: MITRE

Published: 2020-12-15

Updated: 2021-07-21

Type: CWE-668

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 2

Severity: HIGH

Tenable Plugins

View all (13 total)

IDNameProductFamilySeverity
150656SUSE SLES11 Security Update : xen (SUSE-SU-2020:14578-1)NessusSuSE Local Security Checks
high
150180OracleVM 3.4 : xen (OVMSA-2021-0014)NessusOracleVM Local Security Checks
high
145360openSUSE Security Update : xen (openSUSE-2020-2313)NessusSuSE Local Security Checks
high
145322openSUSE Security Update : xen (openSUSE-2020-2331)NessusSuSE Local Security Checks
high
144637SUSE SLES12 Security Update : xen (SUSE-SU-2020:3945-1)NessusSuSE Local Security Checks
high
144613Fedora 32 : xen (2020-df772b417b)NessusFedora Local Security Checks
high
144611Fedora 33 : xen (2020-64859a826b)NessusFedora Local Security Checks
high
144580SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:3915-1)NessusSuSE Local Security Checks
high
144576SUSE SLES12 Security Update : xen (SUSE-SU-2020:3914-1)NessusSuSE Local Security Checks
high
144570SUSE SLES12 Security Update : xen (SUSE-SU-2020:3913-1)NessusSuSE Local Security Checks
high
144492SUSE SLES12 Security Update : xen (SUSE-SU-2020:3880-1)NessusSuSE Local Security Checks
medium
144476SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2020:3881-1)NessusSuSE Local Security Checks
high
144322Debian DSA-4812-1 : xen - security updateNessusDebian Local Security Checks
high