Race condition in Xen - CVE-2020-15567

 

Race condition in Xen - CVE-2020-15567

Published: July 9, 2020 / Updated: July 15, 2020


Vulnerability identifier: #VU29598
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/U:Green
CVE-ID: CVE-2020-15567
CWE-ID: CWE-362
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Xen Project
Affected software:
Xen

Detailed vulnerability description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improper management of internal resources in Xen. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. An attacker with access to guest operating system can perform a denial of service (DoS) attack or escalate privileges on the host operating system.

Note: the vulnerability can be exploited only on systems with Intel processors.


How to mitigate CVE-2020-15567

Install updates from vendor's website.

Sources