CVE-2020-11743
Debian Security Advisory 4723-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.
Se detectó un problema en Xen versiones hasta 4.13.x, permitiendo a usuarios invitados del Sistema Operativo causar una denegación de servicio debido a una ruta de error incorrecta en GNTTABOP_map_grant. Es esperado que las operaciones de la tabla de concesiones devuelvan 0 para el éxito y un número negativo para los errores. Algunos corchetes mal colocados causan que una ruta de error devuelva 1 en lugar de un valor negativo. El código de la tabla de concesión en Linux trata esta condición como exitosa y continúa incorrectamente con un estado inicializado. Un invitado con errores o malicioso puede construir su tabla de concesión de tal manera que, cuando un dominio del backend intente asignar una concesión, llegue a la ruta de error incorrecta. Esto bloqueará un dom0 o un dominio del backend basado en Linux.
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-04-14 CVE Reserved
- 2020-04-14 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-755: Improper Handling of Exceptional Conditions
CAPEC
References (9)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| http://xenbits.xen.org/xsa/advisory-316.html | 2024-08-04 | |
| https://xenbits.xen.org/xsa/advisory-316.html | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2020/04/14/3 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | <= 4.13.0 Search vendor "Xen" for product "Xen" and version " <= 4.13.0" | - |
Affected
| ||||||
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.13.0 Search vendor "Xen" for product "Xen" and version "4.13.0" | rc1 |
Affected
| ||||||
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.13.0 Search vendor "Xen" for product "Xen" and version "4.13.0" | rc2 |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||