Main Vulnerability Database Vulnerabilities #VU46980

#VU46980 Resource management error in Xen - CVE-2020-25603

Published: September 23, 2020

Vulnerability identifier: #VU46980

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green

CVE-ID: CVE-2020-25603

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Xen

Software vendor:
Xen Project

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to event channels control structures can be accessed lockless as long as the port is considered to be valid. Such sequence is missing appropriate memory barrier (e.g smp_*mb()) to prevent both the compiler and CPU to re-order access. A malicious guest may be able to cause a hypervisor crash.

Remediation

Install updates from vendor's website.

External links

https://xenbits.xen.org/xsa/advisory-340.html

#VU46980 Resource management error in Xen - CVE-2020-25603

Description

Remediation

External links

Please verify you're human