Vulnerability identifier: #VU31975
Vulnerability risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-862
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Xen
Server applications /
Virtualization software
Vendor: Xen Project
Description
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
An issue was discovered in xenoprof in Xen through 4.13.x, allowing
guest OS users (with active profiling) to obtain sensitive information
about other guests, cause a denial of service, or possibly gain
privileges. For guests for which "active" profiling
was enabled by the administrator, the xenoprof code uses the standard
Xen shared ring structure. Unfortunately, this code did not treat the
guest as a potential adversary: it trusts the guest not to modify buffer
size information or modify head / tail pointers in unexpected ways. A remote user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Xen: 3.2 - 4.13.0
External links
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html
http://www.openwall.com/lists/oss-security/2020/04/14/1
http://xenbits.xen.org/xsa/advisory-313.html
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/
http://security.gentoo.org/glsa/202005-08
http://www.debian.org/security/2020/dsa-4723
http://xenbits.xen.org/xsa/advisory-313.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.