CVE-2020-15565 — Uncontrolled Resource Consumption in XEN
Severity
8.8HIGHNVD
NVD7.8OSV5.5
EPSS
0.1%
top 77.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 7
Latest updateSep 19
Description
An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0
Affected Packages4 packages
Also affects: Debian Linux 10.0, Fedora 31, 32