CVE-2020-25597Improper Handling of Exceptional Conditions in XEN

CWE-755Improper Handling of Exceptional ConditionsCWE-440Expected Behavior ViolationCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources
Severity
6.5MEDIUMNVD
OSV5.5
EPSS
0.1%
top 70.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
XENDebian XENFedoraproject Fedora
Timeline
PublishedSep 23
Latest updateSep 19

Description

An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. However, operations like the resetting of all event channels may involve decreasing one of the bounds checked when determining validity. This may lead to bug checks triggering, crashing the host. An unprivi

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages4 packages

debiandebian/xen< xen 4.14.0+80-gd101b417b7-1 (bookworm)
Debianxen/xen< 4.14.0+80-gd101b417b7-1+3
Ubuntuxen/xen< 4.11.3+24-g14b62ab3e5-1ubuntu2.3
NVDxen/xen4.4.04.14.0

Also affects: Fedora 31

Patches

Patch: xenbits.xen.orgPatch: xenbits.xen.org

🔴Vulnerability Details

3
OSV
xen vulnerabilities2022-09-19
GHSA
GHSA-jfr2-c4pw-p2hx: An issue was discovered in Xen through 42022-05-24
OSV
CVE-2020-25597: An issue was discovered in Xen through 42020-09-23

📋Vendor Advisories

3
Ubuntu
Xen vulnerabilities2022-09-19
Red Hat
xen: once valid event channels may not turn invalid (XSA-338)2020-09-22
Debian
CVE-2020-25597: xen - An issue was discovered in Xen through 4.14.x. There is mishandling of the const...2020

💬Community

2
Bugzilla
CVE-2020-25597 xen: once valid event channels may not turn invalid (XSA-338) [fedora-all]2020-09-22
Bugzilla
CVE-2020-25597 xen: once valid event channels may not turn invalid (XSA-338)2020-09-16