#VU29598 Race condition in Xen - CVE-2020-15567

 


Published: July 9, 2020 / Updated: July 15, 2020


Vulnerability identifier: #VU29598
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/U:Green
CVE-ID: CVE-2020-15567
CWE-ID: CWE-362
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Xen
Software vendor:
Xen Project

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improper management of internal resources in Xen. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. An attacker with access to a guest operating system can perform a denial of service (DoS) attack or escalate privileges on the host operating system.

Note: the vulnerability can be exploited only on systems with Intel processors.
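
The following C sketch is an added illustration of the bug class described above, not code from Xen or from the vendor's fix. The entry layout and all function names are hypothetical and simplified; the snapshots stand in for what a concurrent hardware page-table walker could read between the individual field writes.

```c
#include <stdatomic.h>
#include <stdint.h>

/* Simplified, hypothetical EPT-style entry; not Xen's actual definition. */
typedef union {
    struct {
        uint64_t r : 1, w : 1, x : 1;  /* access permissions */
        uint64_t emt : 3, rsvd : 6;    /* memory type, reserved bits */
        uint64_t mfn : 40, avail : 12; /* machine frame number, software bits */
    };
    uint64_t raw;
} ept_entry_t;

/* Risky pattern: field-by-field writes to the live entry. snap[] records
 * what a concurrent page-table walker could read between the writes. */
void ept_write_fields(volatile ept_entry_t *live, uint64_t mfn,
                      unsigned emt, uint64_t snap[3])
{
    live->r = 1; live->w = 1; live->x = 1;
    snap[0] = live->raw;               /* new permissions, old frame */
    live->emt = emt;
    snap[1] = live->raw;               /* new memory type, still old frame */
    live->mfn = mfn;
    snap[2] = live->raw;               /* only now consistent */
}

/* Safer pattern: compose the whole entry in a local variable first. */
uint64_t ept_compose(uint64_t mfn, unsigned emt)
{
    ept_entry_t e = { .raw = 0 };
    e.r = 1; e.w = 1; e.x = 1;
    e.emt = emt; e.mfn = mfn;
    return e.raw;
}

void ept_write_atomic(_Atomic uint64_t *live, uint64_t mfn, unsigned emt)
{
    /* One aligned 64-bit store: observers see the old or new entry, never a mix. */
    atomic_store_explicit(live, ept_compose(mfn, emt), memory_order_release);
}

/* Counts snapshots that match neither the previous nor the intended entry. */
int ept_count_partial(const uint64_t *snap, int n, uint64_t prev, uint64_t next)
{
    int partial = 0;
    for (int i = 0; i < n; i++)
        partial += (snap[i] != prev && snap[i] != next);
    return partial;
}
```
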


Remediation

Install updates from the vendor's website.
