CVE-2020-29483Use After Free in XEN

CWE-416Use After Free4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 82.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
XENDebian XENDebian Linux+1 more
Timeline
PublishedDec 15
Latest updateMay 24

Description

An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from xenstored's internal management, resulting in the same actions as if the guest had been destroyed, including sending an @releaseDomain event. @releaseDomain events do not say that the guest has been removed. All watchers

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

debiandebian/xen< xen 4.14.0+88-g1d1d1f5391-1 (bookworm)
Debianxen/xen< 4.14.0+88-g1d1d1f5391-1+3
NVDxen/xen4.14.0

Also affects: Debian Linux 10.0, Fedora 32, 33

Patches

Patch: xenbits.xenproject.orgPatch: xenbits.xenproject.org

🔴Vulnerability Details

2
GHSA
GHSA-q89m-rx2c-6v2g: An issue was discovered in Xen through 42022-05-24
OSV
CVE-2020-29483: An issue was discovered in Xen through 42020-12-15

📋Vendor Advisories

1
Debian
CVE-2020-29483: xen - An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate ...2020