#VU29602 Resource management error in Xen - CVE-2020-15566 

 


Published: July 9, 2020 / Updated: July 15, 2020


Vulnerability identifier: #VU29602
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:P/U:Clear
CVE-ID: CVE-2020-15566
CWE-ID: CWE-399
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software: Xen
Software vendor: Xen Project

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling in event-channel port allocation in Xen. An attacker with access to a guest operating system can consume more than 1023 event channels and crash the hypervisor.


Remediation

Install updates from the vendor's website.

External links