PT-2020-16115 · Xen+1 · Xen+1

Andrew Cooper

·

Published

2020-09-23

·

Updated

2024-06-15

·

CVE-2020-25598

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Xen versions 4.12 through 4.14.x
Description A missing unlock in the XENMEM acquire resource error path causes an RCU reference to be leaked. This can lead to a host Denial of Service when administration operations, such as CPU offline, livelock. The vulnerability can generally only be exploited by x86 HVM VMs, as these are the only type of VM that have a Qemu stubdomain. The side effects are believed to be benign on Xen versions 4.12 and 4.13.
Recommendations For Xen versions 4.12 through 4.14.x, apply the provided patches to resolve the issue. As a temporary workaround, consider restricting the use of HVM stubdomains to minimize the risk of exploitation.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-670

Related Identifiers

CVE-2020-25598
OPENSUSE-SU-2020:1608-1
OPENSUSE-SU-2020_1608-1
OPENSUSE-SU-2024:11520-1
SUSE-SU-2020:2788-1
SUSE-SU-2020:2790-1
SUSE-SU-2020:2791-1

Affected Products

Suse
Xen