CVE-2020-15563
 
Public Exploits: 0
Descriptions
An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards are affected. Xen versions 4.7 and earlier are not affected. Only x86 systems are affected. Arm systems are not affected. Only x86 HVM guests using shadow paging can leverage the vulnerability. In addition, there needs to be an entity actively monitoring a guest's video frame buffer (typically for display purposes) in order for such a guest to be able to leverage the vulnerability. x86 PV guests, as well as x86 HVM guests using hardware assisted paging (HAP), cannot leverage the vulnerability.
Timeline
- 2020-07-06 CVE Reserved
- 2020-07-07 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (8)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2020/07/07/3 | Mailing List |
URL | Date | SRC |
---|---|---|
http://xenbits.xen.org/xsa/advisory-319.html | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Xen | Xen | >= 4.8.0 <= 4.13.1 | x86 | Affected |
Debian | Debian Linux | 10.0 | - | Affected |
Fedoraproject | Fedora | 31 | - | Affected |
Fedoraproject | Fedora | 32 | - | Affected |
Opensuse | Leap | 15.2 | - | Affected |