CVE-2020-29569

HIGH

Description

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.

References

https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html

https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

https://security.netapp.com/advisory/ntap-20210205-0001/

https://www.debian.org/security/2021/dsa-4843

https://xenbits.xenproject.org/xsa/advisory-350.html

Details

Source: MITRE

Published: 2020-12-15

Updated: 2021-03-15

Type: CWE-252

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 2

Severity: HIGH

Tenable Plugins

View all (32 total)

IDNameProductFamilySeverity
148009Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4750-1)NessusUbuntu Local Security Checks
high
148001Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4876-1)NessusUbuntu Local Security Checks
high
147983Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4749-1)NessusUbuntu Local Security Checks
high
147978Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4751-1)NessusUbuntu Local Security Checks
high
147532Debian DLA-2586-1 : linux security updateNessusDebian Local Security Checks
high
146685SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0532-1)NessusSuSE Local Security Checks
high
146512Debian DLA-2557-1 : linux-4.19 security updateNessusDebian Local Security Checks
high
146511SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0452-1)NessusSuSE Local Security Checks
high
146476SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0437-1)NessusSuSE Local Security Checks
high
146474SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0438-1)NessusSuSE Local Security Checks
high
146470SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0434-1)NessusSuSE Local Security Checks
high
146406SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0427-1)NessusSuSE Local Security Checks
high
146401SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0408-1)NessusSuSE Local Security Checks
high
146366SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0354-1)NessusSuSE Local Security Checks
high
146362SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0348-1)NessusSuSE Local Security Checks
high
146359SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0353-1)NessusSuSE Local Security Checks
high
146293openSUSE Security Update : the Linux Kernel (openSUSE-2021-241)NessusSuSE Local Security Checks
high
146217EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1246)NessusHuawei Local Security Checks
high
146052Debian DSA-4843-1 : linux - security updateNessusDebian Local Security Checks
high
146047Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9025)NessusOracle Linux Local Security Checks
high
146045Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9024)NessusOracle Linux Local Security Checks
high
145700Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9023)NessusOracle Linux Local Security Checks
high
145458Amazon Linux AMI : kernel (ALAS-2021-1477)NessusAmazon Linux Local Security Checks
high
145456Amazon Linux 2 : kernel (ALAS-2021-1588)NessusAmazon Linux Local Security Checks
high
145287openSUSE Security Update : the Linux Kernel (openSUSE-2021-75)NessusSuSE Local Security Checks
high
144907Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9006)NessusOracle Linux Local Security Checks
high
144906Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9007)NessusOracle Linux Local Security Checks
high
144905Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9009)NessusOracle Linux Local Security Checks
high
144904Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9005)NessusOracle Linux Local Security Checks
high
144903Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9008)NessusOracle Linux Local Security Checks
high
144902Photon OS 3.0: Linux PHSA-2021-3.0-0182NessusPhotonOS Local Security Checks
high
144898Photon OS 2.0: Linux PHSA-2021-2.0-0310NessusPhotonOS Local Security Checks
high