PT-2020-16120 · Xen+3
Julien Grall · Published 2020-09-23 · Updated 2024-06-15 · CVE-2020-25603
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Xen versions prior to 4.14.x
Description
An issue in Xen allows a malicious guest to crash the hypervisor, resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. The vulnerability is due to missing memory barriers when accessing or allocating an event channel: event channels can be accessed without a lock as long as the port is considered valid. Whether the vulnerability is present, and its scope, depend on the CPU and the compiler used to build Xen.
Recommendations
For versions prior to 4.14.x, update to a version that includes the memory barriers needed to prevent the compiler and the CPU from re-ordering accesses. As a temporary workaround, consider implementing additional memory barriers (e.g., smp_*mb()) when accessing or allocating an event channel to minimize the risk of exploitation.
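The ordering requirement described above, as an added C11 example that is not Xen's code: a simplified model of a table whose entries are read without a lock once a port index tests as valid. The names `struct chan`, `struct table`, `publish_port` and `lookup_port` are hypothetical, and a single allocator (serialised by a lock in a real system) is assumed.

```c
#include <stdatomic.h>
#include <stddef.h>

#define MAX_PORTS 8

/* Hypothetical stand-in for a per-port event channel record. */
struct chan { int state; int target; };

struct table {
    struct chan *slots[MAX_PORTS];  /* written only by the allocator */
    atomic_uint valid_ports;        /* ports below this count are "valid" */
};

/* Allocator side: initialise the slot fully, THEN publish the new count.
 * The release store stops the compiler and the CPU from moving the slot
 * writes after the count update (the role of a write barrier).
 * Assumes callers are serialised, so the relaxed load of the count is safe. */
int publish_port(struct table *t, struct chan *c, int target)
{
    unsigned int port = atomic_load_explicit(&t->valid_ports,
                                             memory_order_relaxed);
    if (port >= MAX_PORTS)
        return -1;
    c->state = 1;
    c->target = target;
    t->slots[port] = c;
    atomic_store_explicit(&t->valid_ports, port + 1, memory_order_release);
    return (int)port;
}

/* Lockless reader side: the acquire load pairs with the release store, so
 * once a port tests as valid, everything written before publication is
 * visible (the role of a read barrier). With relaxed ordering on both
 * sides, a reader could see the new count but a stale or NULL slot. */
struct chan *lookup_port(struct table *t, unsigned int port)
{
    if (port >= atomic_load_explicit(&t->valid_ports, memory_order_acquire))
        return NULL;
    return t->slots[port];
}

int main(void)
{
    static struct table t;          /* zero-initialised: no valid ports */
    struct chan c;
    int port = publish_port(&t, &c, 42);
    return (port == 0 && lookup_port(&t, 0) == &c) ? 0 : 1;
}
```

A single-threaded run only checks the publish/lookup logic; the reordering the barriers prevent shows up only under concurrent access on weakly ordered CPUs or with an optimising compiler.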
Fix
DoS
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Suse
Ubuntu
Xen