Debian update for xen
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 |
| CWE-ID | CWE-345 CWE-269 CWE-362 CWE-119 CWE-20 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Debian Linux Operating systems & Components / Operating system xen (Debian package) Operating systems & Components / Operating system package or component |
| Vendor | Debian |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Insufficient verification of data authenticity
EUVDB-ID: #VU49940
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27670
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.
MitigationUpdate xen package to version 4.11.4+57-g41a822c392-1.
Vulnerable software versionsDebian Linux: All versions
xen (Debian package): before 4.11.4+57-g41a822c392-1
External linkshttp://www.debian.org/security/2020/dsa-4804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Privilege Management
EUVDB-ID: #VU48638
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27671
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management within the IOMMU TLB implementation. A local user on a guest OS can escalate privileges on the system by running a specially crafted application.
MitigationUpdate xen package to version 4.11.4+57-g41a822c392-1.
Vulnerable software versionsDebian Linux: All versions
xen (Debian package): before 4.11.4+57-g41a822c392-1
External linkshttp://www.debian.org/security/2020/dsa-4804
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Race condition
EUVDB-ID: #VU49941
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27672
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.
MitigationUpdate xen package to version 4.11.4+57-g41a822c392-1.
Vulnerable software versionsDebian Linux: All versions
xen (Debian package): before 4.11.4+57-g41a822c392-1
External linkshttp://www.debian.org/security/2020/dsa-4804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU49942
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27674
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to read and manipulate data.
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.
MitigationUpdate xen package to version 4.11.4+57-g41a822c392-1.
Vulnerable software versionsDebian Linux: All versions
xen (Debian package): before 4.11.4+57-g41a822c392-1
External linkshttp://www.debian.org/security/2020/dsa-4804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU48756
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28368
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.
MitigationUpdate xen package to version 4.11.4+57-g41a822c392-1.
Vulnerable software versionsDebian Linux: All versions
xen (Debian package): before 4.11.4+57-g41a822c392-1
External linkshttp://www.debian.org/security/2020/dsa-4804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
