Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Linux Distros Unpatched Vulnerability : CVE-2020-29480

🗓️ 30 Aug 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 3 Views

Xen up to 4.14 lets a guest administrator observe xenstore watch events without checks, exposing domain and device data.

Related
Refs
Code
ReporterTitlePublishedViews
Family
BDU FSTEC		The vulnerability of Xen hypervisors, related to insufficient validation of input data, allows attackers to gain unauthorized access to protected information.
18 Oct 202200:00
bdu_fstec
Circl		CVE-2020-29480
15 Dec 202020:40
circl
CNNVD		Xen License Issues Vulnerability
15 Dec 202000:00
cnnvd
Citrix		Citrix Hypervisor Security Update
15 Dec 202013:18
citrix
CVE		CVE-2020-29480
15 Dec 202017:08
cve
Cvelist		CVE-2020-29480
15 Dec 202017:08
cvelist
Debian		[SECURITY] [DSA 4812-1] xen security update
15 Dec 202012:50
debian
Debian CVE		CVE-2020-29480
15 Dec 202017:08
debiancve
Tenable Nessus		Debian DSA-4812-1 : xen - security update
16 Dec 202000:00
nessus
Tenable Nessus		Fedora 33 : xen (2020-64859a826b)
28 Dec 202000:00
nessus
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(259117);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/30");

  script_cve_id("CVE-2020-29480");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2020-29480");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks
    when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will
    cause notifications for every created, modified, and deleted key. A guest administrator can also use the
    special watches, which will cause a notification every time a domain is created and destroyed. Data may
    include: number, type, and domids of other VMs; existence and domids of driver domains; numbers of virtual
    interfaces, block devices, vcpus; existence of virtual framebuffers and their backend style (e.g.,
    existence of VNC service); Xen VM UUIDs for other domains; timing information about domain creation and
    device setup; and some hints at the backend provisioning of VMs and their devices. The watch events do not
    contain values stored in xenstore, only key names. A guest administrator can observe non-sensitive domain
    and device lifecycle events relating to other guests. This information allows some insight into overall
    system configuration (including the number and general nature of other guests), and configuration of other
    guests (including the number and general nature of other guests' devices). This information might be
    commercially interesting or might make other attacks easier. There is not believed to be exposure of
    sensitive data. Specifically, there is no exposure of VNC passwords, port numbers, pathnames in host and
    guest filesystems, cryptographic keys, or within-guest data. (CVE-2020-29480)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2020-29480");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-29480");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xen");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04", "Host/OS/Ubuntu Linux-20.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "libxen-4.6"},
          {"reference": "libxen-dev"},
          {"reference": "libxenstore3.0"},
          {"reference": "xen-hypervisor-4.4-amd64"},
          {"reference": "xen-hypervisor-4.4-arm64"},
          {"reference": "xen-hypervisor-4.4-armhf"},
          {"reference": "xen-hypervisor-4.5-amd64"},
          {"reference": "xen-hypervisor-4.5-arm64"},
          {"reference": "xen-hypervisor-4.5-armhf"},
          {"reference": "xen-hypervisor-4.6-amd64"},
          {"reference": "xen-hypervisor-4.6-arm64"},
          {"reference": "xen-hypervisor-4.6-armhf"},
          {"reference": "xen-system-amd64"},
          {"reference": "xen-system-arm64"},
          {"reference": "xen-system-armhf"},
          {"reference": "xen-utils-4.6"},
          {"reference": "xen-utils-common"},
          {"reference": "xenstore-utils"}
        ]
      }
    ]
  },
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "libxen-4.9"},
          {"reference": "libxen-dev"},
          {"reference": "libxenstore3.0"},
          {"reference": "xen-hypervisor-4.6-amd64"},
          {"reference": "xen-hypervisor-4.6-arm64"},
          {"reference": "xen-hypervisor-4.6-armhf"},
          {"reference": "xen-hypervisor-4.7-amd64"},
          {"reference": "xen-hypervisor-4.7-arm64"},
          {"reference": "xen-hypervisor-4.7-armhf"},
          {"reference": "xen-hypervisor-4.8-amd64"},
          {"reference": "xen-hypervisor-4.8-arm64"},
          {"reference": "xen-hypervisor-4.8-armhf"},
          {"reference": "xen-hypervisor-4.9-amd64"},
          {"reference": "xen-hypervisor-4.9-arm64"},
          {"reference": "xen-hypervisor-4.9-armhf"},
          {"reference": "xen-system-amd64"},
          {"reference": "xen-system-arm64"},
          {"reference": "xen-system-armhf"},
          {"reference": "xen-utils-4.9"},
          {"reference": "xen-utils-common"},
          {"reference": "xenstore-utils"}
        ]
      }
    ]
  },
  "Ubuntu Linux-20.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "20.04",
        "pkgs": [
          {"reference": "xen"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
30 Aug 2025 00:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS 22.1
CVSS 3.12.3
EPSS0.00062
Xen vulnerabilityXenstore watchGuest administratorDomain lifecycleDevice lifecycleMissing permission checks
3