#VU31975 Missing Authorization in Xen - CVE-2020-11741
Published: July 28, 2020
Vulnerability identifier: #VU31975
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green
CVE-ID: CVE-2020-11741
CWE-ID: CWE-862
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Xen
Xen
Software vendor:
Xen Project
Xen Project
Description
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
An issue was discovered in xenoprof in Xen through 4.13.x, allowing
guest OS users (with active profiling) to obtain sensitive information
about other guests, cause a denial of service, or possibly gain
privileges. For guests for which "active" profiling
was enabled by the administrator, the xenoprof code uses the standard
Xen shared ring structure. Unfortunately, this code did not treat the
guest as a potential adversary: it trusts the guest not to modify buffer
size information or modify head / tail pointers in unexpected ways. A remote user can perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.
External links
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html
- http://www.openwall.com/lists/oss-security/2020/04/14/1
- http://xenbits.xen.org/xsa/advisory-313.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/
- https://security.gentoo.org/glsa/202005-08
- https://www.debian.org/security/2020/dsa-4723
- https://xenbits.xen.org/xsa/advisory-313.html