Severity: 6.5 MEDIUM (NVD), 5.5 (OSV)
EPSS: 0.1% (top 82.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jul 7
Latest update: Sep 19

Description

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory allocation failed, or (3) the port we try to allocate is higher than what is supported by the ABI (e.g., 2L or FIFO) used by the guest or the limit set by an administrator (max_event_channels in xl cfg). Due to the missi

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.0 | Impact: 4.0

Affected Packages (4 packages)

debian | debian/xen | < xen 4.11.4+24-gddaaccbbab-1 (bookworm)
Debian | xen/xen | < 4.11.4+24-gddaaccbbab-1+3
Ubuntu | xen/xen | < 4.11.3+24-g14b62ab3e5-1ubuntu2.3
NVD | xen/xen | 4.10.0 to 4.13.1

Also affects: Debian Linux 10.0

🔴 Vulnerability Details (3)

OSV | xen vulnerabilities | 2022-09-19
GHSA | GHSA-2v7g-8jvx-2wfc: An issue was discovered in Xen through 4 | 2022-05-24
OSV | CVE-2020-15566: An issue was discovered in Xen through 4 | 2020-07-07

📋 Vendor Advisories (3)

Ubuntu | Xen vulnerabilities | 2022-09-19
Red Hat | xen: incorrect error handling in event channel port allocation leads to DoS (XSA-317) | 2020-07-07
Debian | CVE-2020-15566: xen - An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause ... | 2020

💬 Community (2)

Bugzilla | CVE-2020-15566 xen: incorrect error handling in event channel port allocation leads to DoS (XSA-317) [fedora-all] | 2020-07-07
Bugzilla | CVE-2020-15566 xen: incorrect error handling in event channel port allocation leads to DoS (XSA-317) | 2020-06-26