Missing Authorization in Xen - CVE-2020-11741
Published: July 28, 2020
Vulnerability identifier: #VU31975
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green
CVE-ID: CVE-2020-11741
CWE-ID: CWE-862
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Xen Project
Affected software:
Xen
Xen
Detailed vulnerability description
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
An issue was discovered in xenoprof in Xen through 4.13.x, allowing
guest OS users (with active profiling) to obtain sensitive information
about other guests, cause a denial of service, or possibly gain
privileges. For guests for which "active" profiling
was enabled by the administrator, the xenoprof code uses the standard
Xen shared ring structure. Unfortunately, this code did not treat the
guest as a potential adversary: it trusts the guest not to modify buffer
size information or modify head / tail pointers in unexpected ways. A remote user can perform a denial of service (DoS) attack.
How to mitigate CVE-2020-11741
Install updates from vendor's website.
Sources
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html
- http://www.openwall.com/lists/oss-security/2020/04/14/1
- http://xenbits.xen.org/xsa/advisory-313.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/
- https://security.gentoo.org/glsa/202005-08
- https://www.debian.org/security/2020/dsa-4723
- https://xenbits.xen.org/xsa/advisory-313.html