CVE-2020-29481
Debian Security Advisory 4812-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to Xenstore nodes from the previous domain(s) with the same domid. Because all Xenstore entries of a guest below /local/domain/<domid> are being deleted by Xen tools when a guest is destroyed, only Xenstore entries of other guests still running are affected. For example, a newly created guest domain might be able to read sensitive information that had belonged to a previously existing guest domain. Both Xenstore implementations (C and Ocaml) are vulnerable.
Se detectó un problema en Xen versiones hasta 4.14.x. Los derechos de acceso de los nodos de Xenstore son per domid. Desafortunadamente, los derechos de acceso concedidos existentes no son eliminados cuando un dominio ha sido destruido. Esto significa que un nuevo dominio creado con el mismo domid heredará los derechos de acceso a los nodos de Xenstore de los dominios anteriores con el mismo domid. Debido a que todas las entradas de Xenstore de un invitado por debajo /local/domain/(domid) han sido eliminadas por las herramientas Xen, cuando un invitado es destruido; solo las entradas Xenstore de otros invitados que aún se estén ejecutando están afectadas. Por ejemplo, un dominio invitado recién creado puede ser capaz de leer información confidencial que perteneciera a un dominio invitado previamente existente. Ambas implementaciones de Xenstore (C y Ocaml) son vulnerables
An update that solves 7 vulnerabilities and has two fixes is now available. This update for xen fixes the following issues. Fixed an issue which could have allowed leak of non-sensitive data to administrator guests. Fixed an issue which could have allowd to new domains to inherit existing node permissions. Fixed an issue where guests could disturb domain cleanup. Fixed an issue where guests could crash xenstored via watchs. Fixed an undue recursion in x86 HVM context switch code. Fixed an issue where FIFO event channels control block related ordering. Fixed an issue where FIFO event channels control structure ordering. This update was imported from the SUSE:SLE-15-SP2:Update update project.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-03 CVE Reserved
- 2020-12-15 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2020/12/16/3 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://xenbits.xenproject.org/xsa/advisory-322.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | <= 4.14.0 Search vendor "Xen" for product "Xen" and version " <= 4.14.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||