#VU29601 Untrusted Pointer Dereference in Xen - CVE-2020-15563

 

Published: July 9, 2020 / Updated: July 15, 2020


Vulnerability identifier: #VU29601
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:P/U:Green
CVE-ID: CVE-2020-15563
CWE-ID: CWE-822
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software: Xen
Software vendor: Xen Project

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to inverted code paths in x86 dirty VRAM tracking in Xen. An attacker with access to an HVM guest operating system can crash the hypervisor.

Note: the vulnerability affects x86 systems only.


Remediation

Install updates from vendor's website.
