CVE-2020-25600 — Out-of-bounds Write in XEN

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-440 — Expected Behavior Violation9 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 72.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian Linux Fedoraproject Fedora +1 more

Timeline

PublishedSep 23

Latest updateSep 19

Description

An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains can use only 1023 channels, due to limited space in their shared (between guest and Xen) information structure, whereas all other domains can use up to 4095 in this model. The recording of the respec…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debianxen/xen< 4.14.0+80-gd101b417b7-1+3

▶NVDxen/xen4.4.0 — 4.14.0

▶NVDopensuse/leap15.2

Also affects: Debian Linux 10.0, Fedora 31, 32, 33

🔴Vulnerability Details

GHSA

GHSA-gff7-q4h3-6x9j: An issue was discovered in Xen through 4↗2022-05-24

▶

CVEList

CVE-2020-25600: An issue was discovered in Xen through 4↗2020-09-23

▶

OSV

CVE-2020-25600: An issue was discovered in Xen through 4↗2020-09-23

▶

📋Vendor Advisories

Ubuntu

Xen vulnerabilities↗2022-09-19

▶

Red Hat

xen: out of bounds event channels available to 32-bit x86 domains (XSA-342)↗2020-09-22

▶

Debian

CVE-2020-25600: xen - An issue was discovered in Xen through 4.14.x. Out of bounds event channels are ...↗2020

▶

💬Community

Bugzilla

CVE-2020-25600 xen: out of bounds event channels available to 32-bit x86 domains (XSA-342) [fedora-all]↗2020-09-22

▶

Bugzilla

CVE-2020-25600 xen: out of bounds event channels available to 32-bit x86 domains (XSA-342)↗2020-09-17

▶