#VU29600 Permissions, Privileges, and Access Controls in Xen - CVE-2020-15565
Published: July 9, 2020 / Updated: July 15, 2020
Xen
Xen Project
Description
The vulnerability allows a remote attacker to escalate privileges on the system or perform a denial of service attack.
The vulnerability exists due to application does not properly impose security restrictions. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose.
Successful exploitation of the vulnerability may allows privileges escalation on the host operating system.
Note: the vulnerability affects Intel x86 systems only.