Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-15565 (GCVE-0-2020-15565)
Vulnerability from cvelistv5 – Published: 2020-07-07 12:25 – Updated: 2024-08-04 13:22
VLAI?
EPSS
Summary
An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://xenbits.xen.org/xsa/advisory-321.html | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2020/07/07/4 | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2020/dsa-4723 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/202007-02 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:29.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-321.html"
},
{
"name": "[oss-security] 20200707 Xen Security Advisory 321 v3 (CVE-2020-15565) - insufficient cache write-back under VT-d",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/07/4"
},
{
"name": "DSA-4723",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4723"
},
{
"name": "openSUSE-SU-2020:0965",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html"
},
{
"name": "FEDORA-2020-fbc13516af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP/"
},
{
"name": "openSUSE-SU-2020:0985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html"
},
{
"name": "FEDORA-2020-76cf2b0f0a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/"
},
{
"name": "GLSA-202007-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen\u0027s free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-27T00:06:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xenbits.xen.org/xsa/advisory-321.html"
},
{
"name": "[oss-security] 20200707 Xen Security Advisory 321 v3 (CVE-2020-15565) - insufficient cache write-back under VT-d",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/07/4"
},
{
"name": "DSA-4723",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4723"
},
{
"name": "openSUSE-SU-2020:0965",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html"
},
{
"name": "FEDORA-2020-fbc13516af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP/"
},
{
"name": "openSUSE-SU-2020:0985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html"
},
{
"name": "FEDORA-2020-76cf2b0f0a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/"
},
{
"name": "GLSA-202007-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen\u0027s free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-321.html",
"refsource": "MISC",
"url": "http://xenbits.xen.org/xsa/advisory-321.html"
},
{
"name": "[oss-security] 20200707 Xen Security Advisory 321 v3 (CVE-2020-15565) - insufficient cache write-back under VT-d",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/07/07/4"
},
{
"name": "DSA-4723",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4723"
},
{
"name": "openSUSE-SU-2020:0965",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html"
},
{
"name": "FEDORA-2020-fbc13516af",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP/"
},
{
"name": "openSUSE-SU-2020:0985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html"
},
{
"name": "FEDORA-2020-76cf2b0f0a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/"
},
{
"name": "GLSA-202007-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15565",
"datePublished": "2020-07-07T12:25:00.000Z",
"dateReserved": "2020-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:22:29.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-15565",
"date": "2026-05-20",
"epss": "0.00076",
"percentile": "0.22703"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*\", \"versionStartIncluding\": \"3.2.0\", \"versionEndIncluding\": \"4.13.1\", \"matchCriteriaId\": \"92B5308D-B467-453A-B0AB-BE4CBD7C5D96\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen\u0027s free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en Xen versiones hasta 4.13.x, que permit\\u00eda a usuarios de Sistemas Operativos invitados Intel HVM x86 causar una denegaci\\u00f3n de servicio del Sistema Operativo host o posiblemente alcanzar privilegios debido a la insuficiente reescritura de cach\\u00e9 en VT-d. Cuando las tablas de p\\u00e1ginas se comparten entre IOMMU y la CPU, los cambios en ellas requieren el vaciado de ambos TLB. Adem\\u00e1s, los IOMMU pueden no ser coherentes y, por lo tanto, antes de vaciar los TLB de IOMMU, una memoria cach\\u00e9 de la CPU tambi\\u00e9n necesita volver a escribirse en la memoria despu\\u00e9s de realizar los cambios. Tal escritura de datos en cach\\u00e9 faltaba en particular al dividir las asignaciones de p\\u00e1ginas grandes en las de granularidad m\\u00e1s peque\\u00f1as. Un hu\\u00e9sped malicioso puede retener el acceso de lectura/escritura de DMA a los marcos devueltos al grupo gratuito de Xen y luego reutilizarlos para otro prop\\u00f3sito. Los bloqueos del host (conllevan a una Denegaci\\u00f3n de Servicio) y una escalada de privilegios no puede ser descartada. Las versiones Xen de al menos 3.2 en adelante est\\u00e1n afectadas. Solo est\\u00e1n afectados los sistemas Intel x86. Los sistemas x86 AMD y Arm no est\\u00e1n afectados. Solo los invitados x86 HVM que usan paginaci\\u00f3n asistida por hardware (HAP), que tienen asignado un dispositivo PCI pasado y que tienen habilitado el uso compartido de tablas de p\\u00e1ginas pueden aprovechar la vulnerabilidad. Tenga en cuenta que el uso compartido de la tabla de p\\u00e1ginas ser\\u00e1 habilitada (por defecto) solo si Xen considera que IOMMU y la CPU de gran tama\\u00f1o de p\\u00e1gina son compatibles\"}]",
"id": "CVE-2020-15565",
"lastModified": "2024-11-21T05:05:45.250",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:C\", \"baseScore\": 6.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 8.5, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-07-07T13:15:10.103",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2020/07/07/4\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-321.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202007-02\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4723\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2020/07/07/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-321.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202007-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4723\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-15565\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-07-07T13:15:10.103\",\"lastModified\":\"2024-11-21T05:05:45.250\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen\u0027s free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Xen versiones hasta 4.13.x, que permit\u00eda a usuarios de Sistemas Operativos invitados Intel HVM x86 causar una denegaci\u00f3n de servicio del Sistema Operativo host o posiblemente alcanzar privilegios debido a la insuficiente reescritura de cach\u00e9 en VT-d. Cuando las tablas de p\u00e1ginas se comparten entre IOMMU y la CPU, los cambios en ellas requieren el vaciado de ambos TLB. Adem\u00e1s, los IOMMU pueden no ser coherentes y, por lo tanto, antes de vaciar los TLB de IOMMU, una memoria cach\u00e9 de la CPU tambi\u00e9n necesita volver a escribirse en la memoria despu\u00e9s de realizar los cambios. Tal escritura de datos en cach\u00e9 faltaba en particular al dividir las asignaciones de p\u00e1ginas grandes en las de granularidad m\u00e1s peque\u00f1as. Un hu\u00e9sped malicioso puede retener el acceso de lectura/escritura de DMA a los marcos devueltos al grupo gratuito de Xen y luego reutilizarlos para otro prop\u00f3sito. Los bloqueos del host (conllevan a una Denegaci\u00f3n de Servicio) y una escalada de privilegios no puede ser descartada. Las versiones Xen de al menos 3.2 en adelante est\u00e1n afectadas. Solo est\u00e1n afectados los sistemas Intel x86. Los sistemas x86 AMD y Arm no est\u00e1n afectados. Solo los invitados x86 HVM que usan paginaci\u00f3n asistida por hardware (HAP), que tienen asignado un dispositivo PCI pasado y que tienen habilitado el uso compartido de tablas de p\u00e1ginas pueden aprovechar la vulnerabilidad. Tenga en cuenta que el uso compartido de la tabla de p\u00e1ginas ser\u00e1 habilitada (por defecto) solo si Xen considera que IOMMU y la CPU de gran tama\u00f1o de p\u00e1gina son compatibles\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:C\",\"baseScore\":6.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":8.5,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*\",\"versionStartIncluding\":\"3.2.0\",\"versionEndIncluding\":\"4.13.1\",\"matchCriteriaId\":\"92B5308D-B467-453A-B0AB-BE4CBD7C5D96\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/07/07/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-321.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202007-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4723\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/07/07/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-321.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202007-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2020-AVI-414
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Xen. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Xen toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-15563",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15563"
},
{
"name": "CVE-2020-15565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15565"
},
{
"name": "CVE-2020-15566",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15566"
},
{
"name": "CVE-2020-15564",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15564"
},
{
"name": "CVE-2020-15567",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15567"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-414",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-07-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Xen. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-328 du 07 juillet 2020",
"url": "https://xenbits.xen.org/xsa/advisory-328.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-327 du 07 juillet 2020",
"url": "https://xenbits.xen.org/xsa/advisory-327.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-317 du 07 juillet 2020",
"url": "https://xenbits.xen.org/xsa/advisory-317.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-321 du 07 juillet 2020",
"url": "https://xenbits.xen.org/xsa/advisory-321.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-319 du 07 juillet 2020",
"url": "https://xenbits.xen.org/xsa/advisory-319.html"
}
]
}
CERTFR-2020-AVI-418
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Citrix Hypervisor. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Citrix | Citrix Hypervisor | Citrix XenServer 7.0 sans le correctif de sécurité XS70E080 | ||
| Citrix | Citrix Hypervisor | Citrix XenServer 7.1 LTSR CU2 sans le correctif de sécurité XS80E013 | ||
| Citrix | Citrix Hypervisor | Citrix Hypervisor 8.0 sans le correctif de sécurité XS71ECU2042 | ||
| Citrix | Citrix Hypervisor | Citrix Hypervisor 8.1 sans le correctif de sécurité XS81E006 | ||
| Citrix | Citrix Hypervisor | Citrix Hypervisor 8.2 LTSR sans le correctif de sécurité XS82E001 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Citrix XenServer 7.0 sans le correctif de s\u00e9curit\u00e9 XS70E080",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix XenServer 7.1 LTSR CU2 sans le correctif de s\u00e9curit\u00e9 XS80E013",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor 8.0 sans le correctif de s\u00e9curit\u00e9 XS71ECU2042",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor 8.1 sans le correctif de s\u00e9curit\u00e9 XS81E006",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor 8.2 LTSR sans le correctif de s\u00e9curit\u00e9 XS82E001",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-15563",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15563"
},
{
"name": "CVE-2020-15565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15565"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-418",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix Hypervisor.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix Hypervisor",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX277456 du 08 juillet 2020",
"url": "https://support.citrix.com/article/CTX277456"
}
]
}
CERTFR-2020-AVI-414
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Xen. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Xen toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-15563",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15563"
},
{
"name": "CVE-2020-15565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15565"
},
{
"name": "CVE-2020-15566",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15566"
},
{
"name": "CVE-2020-15564",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15564"
},
{
"name": "CVE-2020-15567",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15567"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-414",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-07-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Xen. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-328 du 07 juillet 2020",
"url": "https://xenbits.xen.org/xsa/advisory-328.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-327 du 07 juillet 2020",
"url": "https://xenbits.xen.org/xsa/advisory-327.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-317 du 07 juillet 2020",
"url": "https://xenbits.xen.org/xsa/advisory-317.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-321 du 07 juillet 2020",
"url": "https://xenbits.xen.org/xsa/advisory-321.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-319 du 07 juillet 2020",
"url": "https://xenbits.xen.org/xsa/advisory-319.html"
}
]
}
CERTFR-2020-AVI-418
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Citrix Hypervisor. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Citrix | Citrix Hypervisor | Citrix XenServer 7.0 sans le correctif de sécurité XS70E080 | ||
| Citrix | Citrix Hypervisor | Citrix XenServer 7.1 LTSR CU2 sans le correctif de sécurité XS80E013 | ||
| Citrix | Citrix Hypervisor | Citrix Hypervisor 8.0 sans le correctif de sécurité XS71ECU2042 | ||
| Citrix | Citrix Hypervisor | Citrix Hypervisor 8.1 sans le correctif de sécurité XS81E006 | ||
| Citrix | Citrix Hypervisor | Citrix Hypervisor 8.2 LTSR sans le correctif de sécurité XS82E001 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Citrix XenServer 7.0 sans le correctif de s\u00e9curit\u00e9 XS70E080",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix XenServer 7.1 LTSR CU2 sans le correctif de s\u00e9curit\u00e9 XS80E013",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor 8.0 sans le correctif de s\u00e9curit\u00e9 XS71ECU2042",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor 8.1 sans le correctif de s\u00e9curit\u00e9 XS81E006",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor 8.2 LTSR sans le correctif de s\u00e9curit\u00e9 XS82E001",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-15563",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15563"
},
{
"name": "CVE-2020-15565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15565"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-418",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix Hypervisor.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix Hypervisor",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX277456 du 08 juillet 2020",
"url": "https://support.citrix.com/article/CTX277456"
}
]
}
CNVD-2020-51521
Vulnerability from cnvd - Published: 2020-09-09
VLAI Severity ?
Title
Xen资源管理错误漏洞(CNVD-2020-51521)
Description
Xen是英国剑桥大学的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上,并支持在运行时进行迁移,保证正常运行并且避免宕机。
Xen 4.13.x及之前版本中存在安全漏洞。攻击者可利用该漏洞导致主机操作系统崩溃或提升权限。
Severity
中
Patch Name
Xen资源管理错误漏洞(CNVD-2020-51521)的补丁
Patch Description
Xen是英国剑桥大学的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上,并支持在运行时进行迁移,保证正常运行并且避免宕机。
Xen 4.13.x及之前版本中存在安全漏洞。攻击者可利用该漏洞导致主机操作系统崩溃或提升权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: http://xenbits.xen.org/xsa/advisory-321.html
Reference
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html
Impacted products
| Name | Xen Xen <=4.13.* |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-15565"
}
},
"description": "Xen\u662f\u82f1\u56fd\u5251\u6865\u5927\u5b66\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u865a\u62df\u673a\u76d1\u89c6\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u80fd\u591f\u4f7f\u4e0d\u540c\u548c\u4e0d\u517c\u5bb9\u7684\u64cd\u4f5c\u7cfb\u7edf\u8fd0\u884c\u5728\u540c\u4e00\u53f0\u8ba1\u7b97\u673a\u4e0a\uff0c\u5e76\u652f\u6301\u5728\u8fd0\u884c\u65f6\u8fdb\u884c\u8fc1\u79fb\uff0c\u4fdd\u8bc1\u6b63\u5e38\u8fd0\u884c\u5e76\u4e14\u907f\u514d\u5b95\u673a\u3002\n\nXen 4.13.x\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u5d29\u6e83\u6216\u63d0\u5347\u6743\u9650\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://xenbits.xen.org/xsa/advisory-321.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-51521",
"openTime": "2020-09-09",
"patchDescription": "Xen\u662f\u82f1\u56fd\u5251\u6865\u5927\u5b66\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u865a\u62df\u673a\u76d1\u89c6\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u80fd\u591f\u4f7f\u4e0d\u540c\u548c\u4e0d\u517c\u5bb9\u7684\u64cd\u4f5c\u7cfb\u7edf\u8fd0\u884c\u5728\u540c\u4e00\u53f0\u8ba1\u7b97\u673a\u4e0a\uff0c\u5e76\u652f\u6301\u5728\u8fd0\u884c\u65f6\u8fdb\u884c\u8fc1\u79fb\uff0c\u4fdd\u8bc1\u6b63\u5e38\u8fd0\u884c\u5e76\u4e14\u907f\u514d\u5b95\u673a\u3002\r\n\r\nXen 4.13.x\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u5d29\u6e83\u6216\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Xen\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-51521\uff09\u7684\u8865\u4e01",
"products": {
"product": "Xen Xen \u003c=4.13.*"
},
"referenceLink": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html",
"serverity": "\u4e2d",
"submitTime": "2020-07-08",
"title": "Xen\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-51521\uff09"
}
FKIE_CVE-2020-15565
Vulnerability from fkie_nvd - Published: 2020-07-07 13:15 - Updated: 2024-11-21 05:05
Severity ?
Summary
An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xen | xen | * | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "92B5308D-B467-453A-B0AB-BE4CBD7C5D96",
"versionEndIncluding": "4.13.1",
"versionStartIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen\u0027s free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Xen versiones hasta 4.13.x, que permit\u00eda a usuarios de Sistemas Operativos invitados Intel HVM x86 causar una denegaci\u00f3n de servicio del Sistema Operativo host o posiblemente alcanzar privilegios debido a la insuficiente reescritura de cach\u00e9 en VT-d. Cuando las tablas de p\u00e1ginas se comparten entre IOMMU y la CPU, los cambios en ellas requieren el vaciado de ambos TLB. Adem\u00e1s, los IOMMU pueden no ser coherentes y, por lo tanto, antes de vaciar los TLB de IOMMU, una memoria cach\u00e9 de la CPU tambi\u00e9n necesita volver a escribirse en la memoria despu\u00e9s de realizar los cambios. Tal escritura de datos en cach\u00e9 faltaba en particular al dividir las asignaciones de p\u00e1ginas grandes en las de granularidad m\u00e1s peque\u00f1as. Un hu\u00e9sped malicioso puede retener el acceso de lectura/escritura de DMA a los marcos devueltos al grupo gratuito de Xen y luego reutilizarlos para otro prop\u00f3sito. Los bloqueos del host (conllevan a una Denegaci\u00f3n de Servicio) y una escalada de privilegios no puede ser descartada. Las versiones Xen de al menos 3.2 en adelante est\u00e1n afectadas. Solo est\u00e1n afectados los sistemas Intel x86. Los sistemas x86 AMD y Arm no est\u00e1n afectados. Solo los invitados x86 HVM que usan paginaci\u00f3n asistida por hardware (HAP), que tienen asignado un dispositivo PCI pasado y que tienen habilitado el uso compartido de tablas de p\u00e1ginas pueden aprovechar la vulnerabilidad. Tenga en cuenta que el uso compartido de la tabla de p\u00e1ginas ser\u00e1 habilitada (por defecto) solo si Xen considera que IOMMU y la CPU de gran tama\u00f1o de p\u00e1gina son compatibles"
}
],
"id": "CVE-2020-15565",
"lastModified": "2024-11-21T05:05:45.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T13:15:10.103",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/07/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-321.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/07/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-321.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4723"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-XCJP-MJ7M-5F57
Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2023-03-03 15:30
VLAI?
Details
An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2020-15565"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-07T13:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen\u0027s free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible.",
"id": "GHSA-xcjp-mj7m-5f57",
"modified": "2023-03-03T15:30:18Z",
"published": "2022-05-24T17:22:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15565"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-02"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4723"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/07/07/4"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-321.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2020-15565
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-15565",
"description": "An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen\u0027s free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible.",
"id": "GSD-2020-15565",
"references": [
"https://www.suse.com/security/cve/CVE-2020-15565.html",
"https://www.debian.org/security/2020/dsa-4723",
"https://linux.oracle.com/cve/CVE-2020-15565.html",
"https://ubuntu.com/security/CVE-2020-15565"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-15565"
],
"details": "An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen\u0027s free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible.",
"id": "GSD-2020-15565",
"modified": "2023-12-13T01:21:43.354768Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen\u0027s free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-321.html",
"refsource": "MISC",
"url": "http://xenbits.xen.org/xsa/advisory-321.html"
},
{
"name": "[oss-security] 20200707 Xen Security Advisory 321 v3 (CVE-2020-15565) - insufficient cache write-back under VT-d",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/07/07/4"
},
{
"name": "DSA-4723",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4723"
},
{
"name": "openSUSE-SU-2020:0965",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html"
},
{
"name": "FEDORA-2020-fbc13516af",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP/"
},
{
"name": "openSUSE-SU-2020:0985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html"
},
{
"name": "FEDORA-2020-76cf2b0f0a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/"
},
{
"name": "GLSA-202007-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-02"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
"cpe_name": [],
"versionEndIncluding": "4.13.1",
"versionStartIncluding": "3.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15565"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen\u0027s free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-321.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-321.html"
},
{
"name": "[oss-security] 20200707 Xen Security Advisory 321 v3 (CVE-2020-15565) - insufficient cache write-back under VT-d",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/07/4"
},
{
"name": "DSA-4723",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4723"
},
{
"name": "openSUSE-SU-2020:0965",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html"
},
{
"name": "FEDORA-2020-fbc13516af",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP/"
},
{
"name": "openSUSE-SU-2020:0985",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html"
},
{
"name": "FEDORA-2020-76cf2b0f0a",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/"
},
{
"name": "GLSA-202007-02",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-02"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
},
"lastModifiedDate": "2023-03-03T15:09Z",
"publishedDate": "2020-07-07T13:15Z"
}
}
}
OPENSUSE-SU-2020:0965-1
Vulnerability from csaf_opensuse - Published: 2020-07-15 12:42 - Updated: 2020-07-15 12:42Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).
- CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).
- CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).
- CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).
- CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205).
Additional upstream bug fixes (bsc#1027519)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patchnames: openSUSE-2020-965
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.9 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).\n- CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).\n- CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).\n- CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).\n- CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka \u0027CrossTalk\u0027 (bsc#1172205).\n\nAdditional upstream bug fixes (bsc#1027519)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-965",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0965-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0965-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/INF4LPB5UI4GVQ3GIB2BQFBCEWY7ANGZ/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0965-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/INF4LPB5UI4GVQ3GIB2BQFBCEWY7ANGZ/"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1172205",
"url": "https://bugzilla.suse.com/1172205"
},
{
"category": "self",
"summary": "SUSE Bug 1173376",
"url": "https://bugzilla.suse.com/1173376"
},
{
"category": "self",
"summary": "SUSE Bug 1173377",
"url": "https://bugzilla.suse.com/1173377"
},
{
"category": "self",
"summary": "SUSE Bug 1173378",
"url": "https://bugzilla.suse.com/1173378"
},
{
"category": "self",
"summary": "SUSE Bug 1173380",
"url": "https://bugzilla.suse.com/1173380"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-0543 page",
"url": "https://www.suse.com/security/cve/CVE-2020-0543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15563 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15565 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15566 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15566/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15567 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15567/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2020-07-15T12:42:14Z",
"generator": {
"date": "2020-07-15T12:42:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0965-1",
"initial_release_date": "2020-07-15T12:42:14Z",
"revision_history": [
{
"date": "2020-07-15T12:42:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.12.3_04-lp151.2.21.1.i586",
"product": {
"name": "xen-devel-4.12.3_04-lp151.2.21.1.i586",
"product_id": "xen-devel-4.12.3_04-lp151.2.21.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.3_04-lp151.2.21.1.i586",
"product": {
"name": "xen-libs-4.12.3_04-lp151.2.21.1.i586",
"product_id": "xen-libs-4.12.3_04-lp151.2.21.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"product": {
"name": "xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"product_id": "xen-tools-domU-4.12.3_04-lp151.2.21.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.3_04-lp151.2.21.1.x86_64",
"product": {
"name": "xen-4.12.3_04-lp151.2.21.1.x86_64",
"product_id": "xen-4.12.3_04-lp151.2.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"product": {
"name": "xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"product_id": "xen-devel-4.12.3_04-lp151.2.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"product": {
"name": "xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"product_id": "xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"product": {
"name": "xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"product_id": "xen-libs-4.12.3_04-lp151.2.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"product_id": "xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"product": {
"name": "xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"product_id": "xen-tools-4.12.3_04-lp151.2.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64",
"product": {
"name": "xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64",
"product_id": "xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.3_04-lp151.2.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64"
},
"product_reference": "xen-4.12.3_04-lp151.2.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.3_04-lp151.2.21.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586"
},
"product_reference": "xen-devel-4.12.3_04-lp151.2.21.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.3_04-lp151.2.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64"
},
"product_reference": "xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64"
},
"product_reference": "xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.3_04-lp151.2.21.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586"
},
"product_reference": "xen-libs-4.12.3_04-lp151.2.21.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.3_04-lp151.2.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64"
},
"product_reference": "xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.3_04-lp151.2.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64"
},
"product_reference": "xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.3_04-lp151.2.21.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586"
},
"product_reference": "xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-0543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-0543"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-0543",
"url": "https://www.suse.com/security/cve/CVE-2020-0543"
},
{
"category": "external",
"summary": "SUSE Bug 1154824 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1154824"
},
{
"category": "external",
"summary": "SUSE Bug 1172205 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1172205"
},
{
"category": "external",
"summary": "SUSE Bug 1172206 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1172206"
},
{
"category": "external",
"summary": "SUSE Bug 1172207 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1172207"
},
{
"category": "external",
"summary": "SUSE Bug 1172770 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1172770"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-15T12:42:14Z",
"details": "moderate"
}
],
"title": "CVE-2020-0543"
},
{
"cve": "CVE-2020-15563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15563"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests\u0027 dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards are affected. Xen versions 4.7 and earlier are not affected. Only x86 systems are affected. Arm systems are not affected. Only x86 HVM guests using shadow paging can leverage the vulnerability. In addition, there needs to be an entity actively monitoring a guest\u0027s video frame buffer (typically for display purposes) in order for such a guest to be able to leverage the vulnerability. x86 PV guests, as well as x86 HVM guests using hardware assisted paging (HAP), cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15563",
"url": "https://www.suse.com/security/cve/CVE-2020-15563"
},
{
"category": "external",
"summary": "SUSE Bug 1173377 for CVE-2020-15563",
"url": "https://bugzilla.suse.com/1173377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-15T12:42:14Z",
"details": "moderate"
}
],
"title": "CVE-2020-15563"
},
{
"cve": "CVE-2020-15565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15565"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen\u0027s free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15565",
"url": "https://www.suse.com/security/cve/CVE-2020-15565"
},
{
"category": "external",
"summary": "SUSE Bug 1173378 for CVE-2020-15565",
"url": "https://bugzilla.suse.com/1173378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.9,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-15T12:42:14Z",
"details": "important"
}
],
"title": "CVE-2020-15565"
},
{
"cve": "CVE-2020-15566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15566"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory allocation failed, or (3) the port we try to allocate is higher than what is supported by the ABI (e.g., 2L or FIFO) used by the guest or the limit set by an administrator (max_event_channels in xl cfg). Due to the missing error checks, only (1) will be considered an error. All the other cases will provide a valid port and will result in a crash when trying to access the event channel. When the administrator configured a guest to allow more than 1023 event channels, that guest may be able to crash the host. When Xen is out-of-memory, allocation of new event channels will result in crashing the host rather than reporting an error. Xen versions 4.10 and later are affected. All architectures are affected. The default configuration, when guests are created with xl/libxl, is not vulnerable, because of the default event-channel limit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15566",
"url": "https://www.suse.com/security/cve/CVE-2020-15566"
},
{
"category": "external",
"summary": "SUSE Bug 1173376 for CVE-2020-15566",
"url": "https://bugzilla.suse.com/1173376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-15T12:42:14Z",
"details": "moderate"
}
],
"title": "CVE-2020-15566"
},
{
"cve": "CVE-2020-15567",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15567"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. A guest administrator or perhaps even an unprivileged guest user might be able to cause denial of service, data corruption, or privilege escalation. Only systems using Intel CPUs are vulnerable. Systems using AMD CPUs, and Arm systems, are not vulnerable. Only systems using nested paging (hap, aka nested paging, aka in this case Intel EPT) are vulnerable. Only HVM and PVH guests can exploit the vulnerability. The presence and scope of the vulnerability depends on the precise optimisations performed by the compiler used to build Xen. If the compiler generates (a) a single 64-bit write, or (b) a series of read-modify-write operations in the same order as the source code, the hypervisor is not vulnerable. For example, in one test build using GCC 8.3 with normal settings, the compiler generated multiple (unlocked) read-modify-write operations in source-code order, which did not constitute a vulnerability. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code-generation options). The source code clearly violates the C rules, and thus should be considered vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15567",
"url": "https://www.suse.com/security/cve/CVE-2020-15567"
},
{
"category": "external",
"summary": "SUSE Bug 1173380 for CVE-2020-15567",
"url": "https://bugzilla.suse.com/1173380"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-15567",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_04-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_04-lp151.2.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-15T12:42:14Z",
"details": "moderate"
}
],
"title": "CVE-2020-15567"
}
]
}
OPENSUSE-SU-2020:0985-1
Vulnerability from csaf_opensuse - Published: 2020-07-17 22:28 - Updated: 2020-07-17 22:28Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).
- CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).
- CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).
- CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).
- CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205).
Additional upstream bug fixes (bsc#1027519)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patchnames: openSUSE-2020-985
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.9 (High)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
6.4 (Medium)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).\n- CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).\n- CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).\n- CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).\n- CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka \u0027CrossTalk\u0027 (bsc#1172205).\n\nAdditional upstream bug fixes (bsc#1027519)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-985",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0985-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0985-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M6HXOTDBKTDVSG3RF4LKQV654JBFT3BZ/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0985-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M6HXOTDBKTDVSG3RF4LKQV654JBFT3BZ/"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1172205",
"url": "https://bugzilla.suse.com/1172205"
},
{
"category": "self",
"summary": "SUSE Bug 1173376",
"url": "https://bugzilla.suse.com/1173376"
},
{
"category": "self",
"summary": "SUSE Bug 1173377",
"url": "https://bugzilla.suse.com/1173377"
},
{
"category": "self",
"summary": "SUSE Bug 1173378",
"url": "https://bugzilla.suse.com/1173378"
},
{
"category": "self",
"summary": "SUSE Bug 1173380",
"url": "https://bugzilla.suse.com/1173380"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-0543 page",
"url": "https://www.suse.com/security/cve/CVE-2020-0543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15563 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15565 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15566 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15566/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15567 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15567/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2020-07-17T22:28:33Z",
"generator": {
"date": "2020-07-17T22:28:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0985-1",
"initial_release_date": "2020-07-17T22:28:33Z",
"revision_history": [
{
"date": "2020-07-17T22:28:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.13.1_04-lp152.2.3.1.i586",
"product": {
"name": "xen-devel-4.13.1_04-lp152.2.3.1.i586",
"product_id": "xen-devel-4.13.1_04-lp152.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.13.1_04-lp152.2.3.1.i586",
"product": {
"name": "xen-libs-4.13.1_04-lp152.2.3.1.i586",
"product_id": "xen-libs-4.13.1_04-lp152.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"product": {
"name": "xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"product_id": "xen-tools-domU-4.13.1_04-lp152.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch",
"product_id": "xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.13.1_04-lp152.2.3.1.x86_64",
"product": {
"name": "xen-4.13.1_04-lp152.2.3.1.x86_64",
"product_id": "xen-4.13.1_04-lp152.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"product": {
"name": "xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"product_id": "xen-devel-4.13.1_04-lp152.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"product": {
"name": "xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"product_id": "xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"product": {
"name": "xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"product_id": "xen-libs-4.13.1_04-lp152.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"product_id": "xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"product": {
"name": "xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"product_id": "xen-tools-4.13.1_04-lp152.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"product": {
"name": "xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"product_id": "xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.13.1_04-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64"
},
"product_reference": "xen-4.13.1_04-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.13.1_04-lp152.2.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586"
},
"product_reference": "xen-devel-4.13.1_04-lp152.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.13.1_04-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64"
},
"product_reference": "xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64"
},
"product_reference": "xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.13.1_04-lp152.2.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586"
},
"product_reference": "xen-libs-4.13.1_04-lp152.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.13.1_04-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64"
},
"product_reference": "xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.13.1_04-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64"
},
"product_reference": "xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.13.1_04-lp152.2.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586"
},
"product_reference": "xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64"
},
"product_reference": "xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-0543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-0543"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-0543",
"url": "https://www.suse.com/security/cve/CVE-2020-0543"
},
{
"category": "external",
"summary": "SUSE Bug 1154824 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1154824"
},
{
"category": "external",
"summary": "SUSE Bug 1172205 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1172205"
},
{
"category": "external",
"summary": "SUSE Bug 1172206 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1172206"
},
{
"category": "external",
"summary": "SUSE Bug 1172207 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1172207"
},
{
"category": "external",
"summary": "SUSE Bug 1172770 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1172770"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2020-0543",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-17T22:28:33Z",
"details": "moderate"
}
],
"title": "CVE-2020-0543"
},
{
"cve": "CVE-2020-15563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15563"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests\u0027 dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards are affected. Xen versions 4.7 and earlier are not affected. Only x86 systems are affected. Arm systems are not affected. Only x86 HVM guests using shadow paging can leverage the vulnerability. In addition, there needs to be an entity actively monitoring a guest\u0027s video frame buffer (typically for display purposes) in order for such a guest to be able to leverage the vulnerability. x86 PV guests, as well as x86 HVM guests using hardware assisted paging (HAP), cannot leverage the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15563",
"url": "https://www.suse.com/security/cve/CVE-2020-15563"
},
{
"category": "external",
"summary": "SUSE Bug 1173377 for CVE-2020-15563",
"url": "https://bugzilla.suse.com/1173377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-17T22:28:33Z",
"details": "moderate"
}
],
"title": "CVE-2020-15563"
},
{
"cve": "CVE-2020-15565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15565"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen\u0027s free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15565",
"url": "https://www.suse.com/security/cve/CVE-2020-15565"
},
{
"category": "external",
"summary": "SUSE Bug 1173378 for CVE-2020-15565",
"url": "https://bugzilla.suse.com/1173378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.9,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-17T22:28:33Z",
"details": "important"
}
],
"title": "CVE-2020-15565"
},
{
"cve": "CVE-2020-15566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15566"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. The allocation of an event-channel port may fail for multiple reasons: (1) port is already in use, (2) the memory allocation failed, or (3) the port we try to allocate is higher than what is supported by the ABI (e.g., 2L or FIFO) used by the guest or the limit set by an administrator (max_event_channels in xl cfg). Due to the missing error checks, only (1) will be considered an error. All the other cases will provide a valid port and will result in a crash when trying to access the event channel. When the administrator configured a guest to allow more than 1023 event channels, that guest may be able to crash the host. When Xen is out-of-memory, allocation of new event channels will result in crashing the host rather than reporting an error. Xen versions 4.10 and later are affected. All architectures are affected. The default configuration, when guests are created with xl/libxl, is not vulnerable, because of the default event-channel limit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15566",
"url": "https://www.suse.com/security/cve/CVE-2020-15566"
},
{
"category": "external",
"summary": "SUSE Bug 1173376 for CVE-2020-15566",
"url": "https://bugzilla.suse.com/1173376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-17T22:28:33Z",
"details": "moderate"
}
],
"title": "CVE-2020-15566"
},
{
"cve": "CVE-2020-15567",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15567"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. A guest administrator or perhaps even an unprivileged guest user might be able to cause denial of service, data corruption, or privilege escalation. Only systems using Intel CPUs are vulnerable. Systems using AMD CPUs, and Arm systems, are not vulnerable. Only systems using nested paging (hap, aka nested paging, aka in this case Intel EPT) are vulnerable. Only HVM and PVH guests can exploit the vulnerability. The presence and scope of the vulnerability depends on the precise optimisations performed by the compiler used to build Xen. If the compiler generates (a) a single 64-bit write, or (b) a series of read-modify-write operations in the same order as the source code, the hypervisor is not vulnerable. For example, in one test build using GCC 8.3 with normal settings, the compiler generated multiple (unlocked) read-modify-write operations in source-code order, which did not constitute a vulnerability. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code-generation options). The source code clearly violates the C rules, and thus should be considered vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15567",
"url": "https://www.suse.com/security/cve/CVE-2020-15567"
},
{
"category": "external",
"summary": "SUSE Bug 1173380 for CVE-2020-15567",
"url": "https://bugzilla.suse.com/1173380"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-15567",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:xen-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_04-lp152.2.3.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_04-lp152.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-17T22:28:33Z",
"details": "moderate"
}
],
"title": "CVE-2020-15567"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…