CVE-2020-25595 — Improper Privilege Management in XEN

CWE-269 — Improper Privilege Management CWE-20 — Improper Input Validation9 documents8 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 74.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian Linux Fedoraproject Fedora +1 more

Timeline

PublishedSep 23

Latest updateSep 19

Description

An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest may be…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶Debianxen/xen< 4.14.0+80-gd101b417b7-1+3

▶NVDxen/xen4.14.0

▶NVDopensuse/leap15.2

Also affects: Debian Linux 10.0, Fedora 31, 32, 33

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-gx32-9whp-v6gp: An issue was discovered in Xen through 4↗2022-05-24

▶

CVEList

CVE-2020-25595: An issue was discovered in Xen through 4↗2020-09-23

▶

OSV

CVE-2020-25595: An issue was discovered in Xen through 4↗2020-09-23

▶

📋Vendor Advisories

Ubuntu

Xen vulnerabilities↗2022-09-19

▶

Red Hat

xen: PCI passthrough code reading back hardware registers (XSA-337)↗2020-09-22

▶

Debian

CVE-2020-25595: xen - An issue was discovered in Xen through 4.14.x. The PCI passthrough code improper...↗2020

▶

💬Community

Bugzilla

CVE-2020-25595 xen: PCI passthrough code reading back hardware registers (XSA-337) [fedora-all]↗2020-09-22

▶

Bugzilla

CVE-2020-25595 xen: PCI passthrough code reading back hardware registers (XSA-337)↗2020-09-09

▶