CVE-2020-15567 — Race Condition in XEN

CWE-362 — Race Condition10 documents8 sources

Severity

7.8HIGHNVD

OSV5.5

EPSS

0.1%

top 82.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian Linux Fedoraproject Fedora +1 more

Timeline

PublishedJul 7

Latest updateSep 19

Description

An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. A guest administrato…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages4 packages

▶Debianxen/xen< 4.11.4+24-gddaaccbbab-1+3

▶Ubuntuxen/xen< 4.11.3+24-g14b62ab3e5-1ubuntu2.3

▶NVDxen/xen4.13.1

▶NVDopensuse/leap15.1, 15.2+1

Also affects: Debian Linux 10.0, Fedora 31, 32

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

OSV

xen vulnerabilities↗2022-09-19

▶

GHSA

GHSA-mpwm-7x8j-q5j2: An issue was discovered in Xen through 4↗2022-05-24

▶

CVEList

CVE-2020-15567: An issue was discovered in Xen through 4↗2020-07-07

▶

OSV

CVE-2020-15567: An issue was discovered in Xen through 4↗2020-07-07

▶

📋Vendor Advisories

Ubuntu

Xen vulnerabilities↗2022-09-19

▶

Red Hat

xen: non-atomic modification of live EPT PTE leads to DoS (XSA-328)↗2020-07-07

▶

Debian

CVE-2020-15567: xen - An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to ...↗2020

▶

💬Community

Bugzilla

CVE-2020-15567 xen: non-atomic modification of live EPT PTE leads to DoS (XSA-328) [fedora-all]↗2020-07-07

▶

Bugzilla

CVE-2020-15567 xen: non-atomic modification of live EPT PTE leads to DoS (XSA-328)↗2020-06-26

▶