Permissions, Privileges, and Access Controls in xen (Alpine package)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-15565 |
| CWE-ID | CWE-264 |
| Exploitation vector | Local network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
xen (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU29600
Risk: Medium
CVSSv3.1: 7.2 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-15565
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system or perform a denial of service attack.
The vulnerability exists due to application does not properly impose security restrictions. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose.
Successful exploitation of the vulnerability may allows privileges escalation on the host operating system.
Note: the vulnerability affects Intel x86 systems only.
Install update from vendor's website.
Vulnerable software versionsxen (Alpine package): 4.1.3-r0 - 4.12.3-r1
External linkshttp://git.alpinelinux.org/aports/commit/?id=3992359a2b257143f6d354a15e0d3b338c5d8e45
http://git.alpinelinux.org/aports/commit/?id=4eb93417705cbc9cb434bae5e88502bf944f7652
http://git.alpinelinux.org/aports/commit/?id=054ec5f5456be1d95d13e7b5c5607e9c0ed5904d
http://git.alpinelinux.org/aports/commit/?id=a95c3541d2bc3ba65df7c81a62b776d2fd0ed4ce
http://git.alpinelinux.org/aports/commit/?id=fc28a340a4fd7b262e11f636ab2fafe24e2d05a2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
