CVE-2020-29571NULL Pointer Dereference in XEN

CWE-476NULL Pointer Dereference4 documents4 sources
Severity
6.2MEDIUMNVD
EPSS
0.1%
top 81.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
XENDebian XENDebian Linux+1 more
Timeline
PublishedDec 15
Latest updateMay 24

Description

An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected against re-ordered reads, and may hence end up de-referencing a NULL pointer. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. Only Arm systems may be vulnerable. Whether

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages3 packages

debiandebian/xen< xen 4.14.0+88-g1d1d1f5391-1 (bookworm)
Debianxen/xen< 4.14.0+88-g1d1d1f5391-1+3
NVDxen/xen4.4.04.14.0

Also affects: Debian Linux 10.0, Fedora 32, 33

Patches

Patch: xenbits.xenproject.orgPatch: xenbits.xenproject.org

🔴Vulnerability Details

2
GHSA
GHSA-26rg-mq58-rxvm: An issue was discovered in Xen through 42022-05-24
OSV
CVE-2020-29571: An issue was discovered in Xen through 42020-12-15

📋Vendor Advisories

1
Debian
CVE-2020-29571: xen - An issue was discovered in Xen through 4.14.x. A bounds check common to most ope...2020