Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-11742

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour.

Published

2020-04-14T13:15:12.923

Last Modified

2024-11-21T04:58:31.803

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	xen	xen	≤ 4.13.0	Yes
Operating System	xen	xen	4.13.0	Yes
Operating System	xen	xen	4.13.0	Yes
Operating System	fedoraproject	fedora	32	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html ([email protected])
http://www.openwall.com/lists/oss-security/2020/04/14/4 Mitigation, Patch, Third Party Advisory ([email protected])
http://xenbits.xen.org/xsa/advisory-318.html Patch, Vendor Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/ ([email protected])
https://security.gentoo.org/glsa/202005-08 ([email protected])
https://www.debian.org/security/2020/dsa-4723 ([email protected])
https://xenbits.xen.org/xsa/advisory-318.html Patch, Vendor Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2020/04/14/4 Mitigation, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://xenbits.xen.org/xsa/advisory-318.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202005-08 (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2020/dsa-4723 (af854a3a-2127-422b-91ae-364da2661108)
https://xenbits.xen.org/xsa/advisory-318.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)