PT-2020-16121 · Xen+3 · Xen+3

Igor Druzhinin

Published

2020-09-23

Updated

2024-06-15

CVE-2020-25604

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Xen versions prior to 4.14.x

Description A race condition exists when migrating timers between x86 HVM vCPUs, potentially causing a hang or crash of the hypervisor, resulting in a Denial of Service (DoS). The issue is specific to x86 systems and can only be leveraged by x86 HVM guests with more than one vCPU.

Recommendations For Xen versions prior to 4.14.x, consider restricting the use of multiple vCPUs for x86 HVM guests to minimize the risk of exploitation until a patch is available. As a temporary workaround, limiting the number of vCPUs for affected guests may help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2020-25604

DSA-4769-1

OPENSUSE-SU-2020:1608-1

OPENSUSE-SU-2020_1608-1

OPENSUSE-SU-2024:11520-1

SUSE-SU-2020:14521-1

SUSE-SU-2020:2786-1

SUSE-SU-2020:2787-1

SUSE-SU-2020:2788-1

SUSE-SU-2020:2789-1

SUSE-SU-2020:2790-1

SUSE-SU-2020:2791-1

SUSE-SU-2020:2822-1

USN-5617-1

Affected Products

Linuxmint

Suse

Ubuntu

Xen

PT-2020-16121 · Xen+3 · Xen+3

CVE-2020-25604

Weakness Enumeration

Related Identifiers

Affected Products

References · 168