CVE-2020-15563 — Improper Restriction of Operations within the Bounds of a Memory Buffer in XEN
Severity
6.5MEDIUMNVD
OSV5.5
EPSS
0.1%
top 77.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 7
Latest updateSep 19
Description
An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards are affected. Xen versions 4.7 and earlier are not affected. Only …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0
Affected Packages4 packages
Also affects: Debian Linux 10.0, Fedora 31, 32