CVE-2020-25602Improper Handling of Exceptional Conditions in XEN

CWE-755Improper Handling of Exceptional ConditionsCWE-358Improperly Implemented Security Check for Standard9 documents8 sources
Severity
6.0MEDIUMNVD
EPSS
0.1%
top 76.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
XENDebian LinuxFedoraproject Fedora+1 more
Timeline
PublishedSep 23
Latest updateSep 19

Description

An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the MISC_ENABLE MSR, which is an Intel specific MSR, this MSR read is performed without error handling for a #GP fault, which is the consequence of trying to read this MSR on non-Intel hardware. A buggy or malic

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages3 packages

Debianxen/xen< 4.14.0+80-gd101b417b7-1+3
NVDxen/xen4.11.04.14.0
NVDopensuse/leap15.2

Also affects: Debian Linux 10.0, Fedora 31, 32, 33

Patches

Patch: xenbits.xen.orgPatch: xenbits.xen.org

🔴Vulnerability Details

3
GHSA
GHSA-mv4f-fvpr-9x8h: An issue was discovered in Xen through 42022-05-24
CVEList
CVE-2020-25602: An issue was discovered in Xen through 42020-09-23
OSV
CVE-2020-25602: An issue was discovered in Xen through 42020-09-23

📋Vendor Advisories

3
Ubuntu
Xen vulnerabilities2022-09-19
Red Hat
xen: x86 pv: Crash when handling guest access to MSR_MISC_ENABLE (XSA-333)2020-09-22
Debian
CVE-2020-25602: xen - An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a hos...2020

💬Community

2
Bugzilla
CVE-2020-25602 xen: x86 pv: Crash when handling guest access to MSR_MISC_ENABLE (XSA-333) [fedora-all]2020-09-22
Bugzilla
CVE-2020-25602 xen: x86 pv: Crash when handling guest access to MSR_MISC_ENABLE (XSA-333)2020-09-17
CVE-2020-25602 — XEN vulnerability | cvebase