CVE-2020-25598 — Always-Incorrect Control Flow Implementation in XEN

CWE-670 — Always-Incorrect Control Flow Implementation CWE-667 — Improper Locking8 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 77.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Fedoraproject Fedora Opensuse Leap

Timeline

PublishedSep 23

Latest updateMay 24

Description

An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. This causes subsequent administration operations, (e.g., CPU offline) to livelock, res…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Alpinexen/xen< 4.12.3-r4+13

▶NVDxen/xen4.12.0 — 4.14.0

▶NVDopensuse/leap15.2

Also affects: Fedora 31, 32, 33

🔴Vulnerability Details

GHSA

GHSA-6vvr-9x9v-68j4: An issue was discovered in Xen 4↗2022-05-24

▶

CVEList

CVE-2020-25598: An issue was discovered in Xen 4↗2020-09-23

▶

OSV

CVE-2020-25598: An issue was discovered in Xen 4↗2020-09-23

▶

📋Vendor Advisories

Red Hat

xen: missing unlock in XENMEM_acquire_resource error path (XSA-334)↗2020-09-22

▶

Debian

CVE-2020-25598: xen - An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_a...↗2020

▶

💬Community

Bugzilla

CVE-2020-25598 xen: missing unlock in XENMEM_acquire_resource error path (XSA-334) [fedora-all]↗2020-09-22

▶

Bugzilla

CVE-2020-25598 xen: missing unlock in XENMEM_acquire_resource error path (XSA-334)↗2020-09-09

▶