
CVE-2020-25596 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-25596
23 Sep 2020 — An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2020-25604 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-25604
23 Sep 2020 — An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2020-25602 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-25602
23 Sep 2020 — An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the MISC_ENABLE MSR, which is an Intel specific MSR, this MSR read is performed without error handling for a #GP fault, which is the consequence of trying to read this MSR on non-Intel hardware. A buggy or malicious PV gues... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html • CWE-755: Improper Handling of Exceptional Conditions •

CVE-2020-25601 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-25601
23 Sep 2020 — An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of t... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html •
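The preemption problem described above is the classic hypercall-continuation pattern: a loop over guest-controlled state must give the scheduler a chance to run at regular intervals rather than finishing in one go. The following is an added example, not Xen's code; it is a constructed C model of a "close every channel" loop in an unpreemptible and a preemptible form, where the preemptible version records its resume point and returns -ERESTART so the caller re-invokes it. All struct and function names are hypothetical.

```c
#include <errno.h>
#include <stdbool.h>
#include <string.h>

#ifndef ERESTART
#define ERESTART 85        /* constructed stand-in for a "please restart me" errno */
#endif

#define NR_CHANNELS   4096  /* constructed: upper bound of the model */
#define PREEMPT_EVERY 64    /* constructed: maximum closes before yielding */

struct evtchn_domain {
    bool open[NR_CHANNELS];
    unsigned int next_port;   /* resume point saved across -ERESTART returns */
    unsigned int closed;      /* bookkeeping for the reader/test */
};

/* Buggy pattern: walks every channel with no preemption point, so the CPU is
 * tied up for as long as the guest had channels open. */
int evtchn_reset_unpreemptible(struct evtchn_domain *d)
{
    for (unsigned int port = 0; port < NR_CHANNELS; port++) {
        if (d->open[port]) {
            d->open[port] = false;
            d->closed++;
        }
    }
    return 0;
}

/* Fixed pattern: close at most PREEMPT_EVERY channels per call, then hand back
 * -ERESTART with the next port recorded so the work continues on the next call. */
int evtchn_reset_preemptible(struct evtchn_domain *d)
{
    unsigned int work = 0;

    for (; d->next_port < NR_CHANNELS; d->next_port++) {
        if (!d->open[d->next_port])
            continue;
        d->open[d->next_port] = false;
        d->closed++;
        if (++work == PREEMPT_EVERY) {
            d->next_port++;   /* do not revisit the port just closed on resume */
            return -ERESTART;
        }
    }
    d->next_port = 0;         /* finished: reset for the next full pass */
    return 0;
}

/* Drive the preemptible reset to completion, counting the yield points it offered. */
unsigned int run_reset_to_completion(struct evtchn_domain *d)
{
    unsigned int yields = 0;

    while (evtchn_reset_preemptible(d) == -ERESTART)
        yields++;
    return yields;
}

/* Constructed input: a domain with ports 1..nr_open bound. */
void make_domain(struct evtchn_domain *d, unsigned int nr_open)
{
    memset(d, 0, sizeof(*d));
    for (unsigned int p = 1; p <= nr_open && p < NR_CHANNELS; p++)
        d->open[p] = true;
}
```

With 4000 open ports and a budget of 64 per call, the preemptible reset returns -ERESTART 62 times before the final call completes the pass; each return is a point where the hypervisor can schedule something else, which is exactly what the unpreemptible version never offers.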

CVE-2020-25600 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-25600
23 Sep 2020 — An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains can use only 1023 channels, due to limited space in their shared (between guest and Xen) information structure, whereas all other domains can use up to 4095 in this model. The recording of the respective limit d... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html • CWE-787: Out-of-bounds Write •
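The bitness-dependent limit above follows from the 2-level layout: one word of pending bits per bit of the selector word, so 32 x 32 = 1024 slots for a 32-bit x86 domain and 64 x 64 = 4096 for everyone else, with port 0 reserved in both cases. The added example below (constructed, not Xen's code) shows why a port check against the model-wide maximum is wrong for a 32-bit domain, beside a check that uses the limit recorded per domain. The shared-info stand-in, the byte sizes and all function names are hypothetical.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define EVTCHN_2L_NR_CHANNELS_MAX 4096  /* the 64-bit limit, misused as a global bound below */

/* 2-level model: BITS_PER_LONG * BITS_PER_LONG channels, minus reserved port 0. */
unsigned int evtchn_2l_max_port(bool guest_is_32bit)
{
    unsigned int bits = guest_is_32bit ? 32 : 64;
    return bits * bits - 1;             /* 1023 for 32-bit x86, 4095 otherwise */
}

/* Constructed stand-in for the guest-shared structure. For a 32-bit guest the
 * pending bitmap occupies only the first 128 bytes; the remaining bytes model
 * other fields that an over-range port would clobber. */
struct domain {
    bool is_32bit;
    unsigned int max_port;              /* per-domain limit recorded at creation */
    uint8_t shared[512];
};

void domain_init(struct domain *d, bool is_32bit)
{
    memset(d, 0, sizeof(*d));
    d->is_32bit = is_32bit;
    d->max_port = evtchn_2l_max_port(is_32bit);
}

static void set_pending_bit(struct domain *d, unsigned int port)
{
    d->shared[port / 8] |= (uint8_t)(1u << (port % 8));
}

/* Buggy: bounds the port against the largest limit of the model, so a 32-bit
 * guest's port 2000 passes and the write lands beyond its 128-byte bitmap. */
int evtchn_set_pending_buggy(struct domain *d, unsigned int port)
{
    if (port == 0 || port >= EVTCHN_2L_NR_CHANNELS_MAX)
        return -EINVAL;
    set_pending_bit(d, port);
    return 0;
}

/* Fixed: the check uses the limit recorded for this particular domain. */
int evtchn_set_pending_fixed(struct domain *d, unsigned int port)
{
    if (port == 0 || port > d->max_port)
        return -EINVAL;
    set_pending_bit(d, port);
    return 0;
}

/* True if any byte beyond this domain's legitimate bitmap has been written. */
bool bitmap_overrun(const struct domain *d)
{
    unsigned int bytes = (d->max_port + 1) / 8;

    for (unsigned int i = bytes; i < sizeof(d->shared); i++)
        if (d->shared[i])
            return true;
    return false;
}
```

The point to carry away is that the bound must be a property of the domain, fixed when its shared structure's layout is chosen, not a constant of the event channel model.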

CVE-2020-25599 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-25599
23 Sep 2020 — An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2020-25598
https://notcve.org/view.php?id=CVE-2020-25598
23 Sep 2020 — An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html • CWE-670: Always-Incorrect Control Flow Implementation •
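The leak described above is a lock-discipline bug in an error path: a lookup hands back a read-side reference, and one failure branch returns without dropping it. The added C model below is not Xen's code; it names its helpers after Xen's rcu_lock_domain_by_id()/rcu_unlock_domain() pairing, replaces RCU with a plain reader count, and shows the early-return shape that leaks beside the single-exit shape that does not. The domain table, the resource flag and the frame bound are constructed.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define NR_DOMAINS 4   /* constructed */

struct domain {
    unsigned int domid;
    unsigned int rcu_readers;   /* outstanding read-side references */
    bool has_resource;          /* constructed: whether the acquire may succeed */
};

static struct domain domains[NR_DOMAINS];

void domains_init(void)
{
    memset(domains, 0, sizeof(domains));
    for (unsigned int i = 0; i < NR_DOMAINS; i++)
        domains[i].domid = i;
    domains[1].has_resource = true;
}

/* A successful lookup hands back a reference the caller must drop on every path. */
struct domain *rcu_lock_domain_by_id(unsigned int domid)
{
    if (domid >= NR_DOMAINS)
        return NULL;
    domains[domid].rcu_readers++;
    return &domains[domid];
}

void rcu_unlock_domain(struct domain *d)
{
    d->rcu_readers--;
}

/* Buggy shape: validation failures return directly and skip the unlock. */
int acquire_resource_buggy(unsigned int domid, unsigned int frame)
{
    struct domain *d = rcu_lock_domain_by_id(domid);

    if (!d)
        return -ESRCH;
    if (!d->has_resource)
        return -EINVAL;           /* reference leaked */
    if (frame > 7)
        return -EINVAL;           /* reference leaked */
    rcu_unlock_domain(d);
    return 0;
}

/* Fixed shape: one exit label that always drops the reference once it is held. */
int acquire_resource_fixed(unsigned int domid, unsigned int frame)
{
    struct domain *d = rcu_lock_domain_by_id(domid);
    int rc;

    if (!d)
        return -ESRCH;            /* nothing held yet, direct return is fine */
    if (!d->has_resource) {
        rc = -EINVAL;
        goto out;
    }
    if (frame > 7) {
        rc = -EINVAL;
        goto out;
    }
    rc = 0;
 out:
    rcu_unlock_domain(d);
    return rc;
}

/* Sum of references still held across the table; nonzero means a leak. */
unsigned int leaked_references(void)
{
    unsigned int n = 0;

    for (unsigned int i = 0; i < NR_DOMAINS; i++)
        n += domains[i].rcu_readers;
    return n;
}
```

The counter makes the leak visible after a single failed call; in the real hypervisor the consequence is deferred, which is why this class of bug survives testing that only exercises the success path.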

CVE-2020-25595 – Ubuntu Security Notice USN-5617-1
https://notcve.org/view.php?id=CVE-2020-25595
23 Sep 2020 — An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest may be able to cra... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html • CWE-269: Improper Privilege Management •

CVE-2020-6558 – Debian Security Advisory 4824-1
https://notcve.org/view.php?id=CVE-2020-6558
21 Sep 2020 — Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary cod... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00072.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-15966 – chromium-browser: Insufficient policy enforcement in extensions
https://notcve.org/view.php?id=CVE-2020-15966
21 Sep 2020 — Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html •