CVE-2020-15563

Ubuntu Security Notice USN-5617-1

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards are affected. Xen versions 4.7 and earlier are not affected. Only x86 systems are affected. Arm systems are not affected. Only x86 HVM guests using shadow paging can leverage the vulnerability. In addition, there needs to be an entity actively monitoring a guest's video frame buffer (typically for display purposes) in order for such a guest to be able to leverage the vulnerability. x86 PV guests, as well as x86 HVM guests using hardware assisted paging (HAP), cannot leverage the vulnerability.

Se detectó un problema en Xen versiones hasta 4.13.x, que permitía a usuarios del Sistema Operativo invitado x86 HVM causar un bloqueo del hipervisor. Un condicional invertido en el código de seguimiento de RAM de video sucio de los invitados x86 HVM permite a dichos invitados hacer que Xen desreferencie un puntero garantizado para apuntar a un espacio no asignado. Un invitado de HVM malicioso o con errores puede hacer que el hipervisor se bloquee, resultando en una Denegación de Servicio (DoS) que afecta a todo el host. Xen versiones desde 4.8 en adelante están afectadas. Xen versiones desde 4.7 y anteriores no están afectadas. Solo los sistemas x86 están afectados. Los sistemas de Arm no están afectados. Solo los invitados x86 HVM que usan paginación shadow pueden aprovechar la vulnerabilidad. Además, debe existir una entidad que supervise activamente el búfer de tramas de video de un invitado (generalmente para fines de visualización) para que dicho invitado pueda aprovechar la vulnerabilidad. Los invitados x86 PV, así como los invitados x86 HVM que usan paginación asistida por hardware (HAP), no pueden aprovechar la vulnerabilidad

It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use this to expose sensitive information. Julien Grall discovered that Xen incorrectly handled memory barriers on ARM-based systems. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information or escalate privileges.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-07-06 CVE Reserved
2020-07-07 CVE Published
2024-08-04 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (8)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2020/07/07/3	Mailing List

URL	Date	SRC

URL	Date	SRC
http://xenbits.xen.org/xsa/advisory-319.html	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP	2023-11-07
https://security.gentoo.org/glsa/202007-02	2023-11-07
https://www.debian.org/security/2020/dsa-4723	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Xen Search vendor "Xen"		Xen Search vendor "Xen" for product "Xen"				>= 4.8.0 <= 4.13.1 Search vendor "Xen" for product "Xen" and version " >= 4.8.0 <= 4.13.1"		x86		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				31 Search vendor "Fedoraproject" for product "Fedora" and version "31"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				32 Search vendor "Fedoraproject" for product "Fedora" and version "32"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.2 Search vendor "Opensuse" for product "Leap" and version "15.2"		-		Affected