Main Vulnerability Database SB20200716127

SB20200716127 - Privilege escalation in Xen

Published: July 16, 2020 Updated: July 28, 2020

Security Bulletin ID SB20200716127

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incorrect default permissions (CVE-ID: CVE-2020-15852)

The vulnerability allows a local user to escalate privileges on the system.

An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen. A remote user with access to the guest system can gain elevated privileges.

Remediation

Install update from vendor's website.

References

http://www.openwall.com/lists/oss-security/2020/07/21/2
http://xenbits.xen.org/xsa/advisory-329.html
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2