CVE-2020-25603
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier (e.g., smp_*mb()) to prevent both the compiler and CPU from re-ordering access. A malicious guest may be able to cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. Systems running all versions of Xen are affected. Whether a system is vulnerable will depend on the CPU and compiler used to build Xen. For all systems, the presence and the scope of the vulnerability depend on the precise re-ordering performed by the compiler used to build Xen. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code generation options). GCC documentation clearly suggests that re-ordering is possible. Arm systems will also be vulnerable if the CPU is able to re-order memory access. Please consult your CPU vendor. x86 systems are only vulnerable if a compiler performs re-ordering.
Se detectó un problema en Xen versiones hasta 4.14.x. Se presenta una carencia de barreras de memoria al acceder y asignar un canal de eventos. Las estructuras de control de canales de eventos pueden ser accedidas sin lock siempre que el puerto se considere válido. A dicha secuencia le falta una barrera de memoria adecuada (por ejemplo, smp_* mb()) para evitar que tanto el compilador como la CPU reordenen el acceso. Un invitado malicioso puede causar un bloqueo del hypervisor que resulte en una Denegación de Servicio (DoS). Un filtrado de información y una escalada de privilegios no puede ser excluidas. Los sistemas que ejecutan todas las versiones de Xen están afectados. La vulnerabilidad de un sistema dependerá de la CPU y el compilador usados para construir Xen. Para todos los sistemas, la presencia y el alcance de la vulnerabilidad dependen del reordenamiento preciso realizado por el compilador utilizado para compilar Xen. No hemos podido encuestar a los compiladores; en consecuencia, no podemos decir qué compilador (es) podrían producir código vulnerable (con cuales opciones de generación de código). La documentación de GCC sugiere claramente que el reordenamiento es posible. Los sistemas Arm también serán vulnerables si la CPU puede reordenar el acceso a la memoria. Consulte a su proveedor de CPU. Los sistemas x86 solo son vulnerables si un compilador realiza un reordenamiento.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-09-16 CVE Reserved
- 2020-09-23 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-670: Always-Incorrect Control Flow Implementation
CAPEC
References (7)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://xenbits.xen.org/xsa/advisory-340.html | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | <= 4.14.0 Search vendor "Xen" for product "Xen" and version " <= 4.14.0" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.2 Search vendor "Opensuse" for product "Leap" and version "15.2" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
|