Untrusted Pointer Dereference in Xen - CVE-2020-15563
Published: July 9, 2020 / Updated: July 15, 2020
Vulnerability identifier: #VU29601
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:P/U:Green
CVE-ID: CVE-2020-15563
CWE-ID: CWE-822
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vendor: Xen Project
Affected software:
Xen
Detailed vulnerability description
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack against the host.
The vulnerability exists due to inverted code paths (a reversed condition) in the x86 dirty VRAM tracking code in Xen. An HVM guest can trigger the wrong path and make the hypervisor dereference a pointer into unmapped memory (CWE-822). An attacker who controls an HVM guest operating system, including a buggy guest rather than a deliberately malicious one, can crash the hypervisor, which takes down every guest on the host.
Note: the vulnerability affects x86 systems only, and only HVM guests can trigger it; PV guests cannot.
How to mitigate CVE-2020-15563
Install the updates published by the Xen Project: apply the patch released with the Xen security advisory for this CVE, or upgrade to a Xen release that includes the fix, and reboot the hypervisor so the new code is running. Until the fix is applied, treat every x86 host that runs untrusted HVM guests as exposed.