Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.XEN_SERVER_XSA-356.NASL
HistoryJan 05, 2021 - 12:00 a.m.

Xen IRQ Infinite Loop DoS (XSA-356)

2021-01-0500:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability due to an issue when handling IRQ vectors. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checked, the checking CPU may send an interrupt to itself, in the expectation that this IRQ will be delivered only after the condition preventing the cleanup has cleared. For two specific IRQ vectors, this expectation was violated, resulting in a continuous stream of self-interrupts, which renders the CPU effectively unusable. A domain with a passed through PCI device can cause lockup of a physical CPU, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with physical PCI devices passed through to them can exploit the vulnerability.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable Network Security, Inc.
##

include('compat.inc');

if (description)
{
  script_id(144743);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/06/03");

  script_cve_id("CVE-2020-29567");
  script_xref(name:"IAVB", value:"2020-B-0077-S");

  script_name(english:"Xen IRQ Infinite Loop DoS (XSA-356)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Xen hypervisor installation is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial
of service vulnerability due to an issue when handling IRQ vectors. When moving IRQs between CPUs to distribute the load
of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to
happen when certain constraints are met. If these conditions are not met when first checked, the checking CPU may send
an interrupt to itself, in the expectation that this IRQ will be delivered only after the condition preventing the
cleanup has cleared. For two specific IRQ vectors, this expectation was violated, resulting in a continuous stream of
self-interrupts, which renders the CPU effectively unusable. A domain with a passed through PCI device can cause lockup
of a physical CPU, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are vulnerable. Arm
systems are not vulnerable. Only guests with physical PCI devices passed through to them can exploit the vulnerability.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version 
number.");
  script_set_attribute(attribute:"see_also", value:"https://xenbits.xen.org/xsa/advisory-356.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch or workaround according to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-29567");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/12/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/05");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:xen:xen");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("xen_server_detect.nbin");
  script_require_keys("installed_sw/Xen Hypervisor", "Settings/ParanoidReport");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

if (report_paranoia < 2) audit(AUDIT_PARANOID);

app = 'Xen Hypervisor';

app_info = vcf::xen_hypervisor::get_app_info(app:app);

fixes['4.14']['fixed_ver']           = '4.14.1';
fixes['4.14']['fixed_ver_display']   = '4.14.1-pre (changeset d785e07)';
fixes['4.14']['affected_ver_regex']  = "^4\.14\.";
fixes['4.14']['affected_changesets'] = make_list('d8f08a4', '5174e42',
  'bfc99c3', '13268c5', 'de822c4', '57bbcd0', '7214cc7', '49ed711',
  'dc871dd', 'b1c5e40', '61d3863', '9e53440', '335ef5b', '6fa3e05',
  'f4405b6', '228e562', '0a79a1b', '5073c6b', '5259358', '3d0e1a1',
  '117521e', '91992c7', '4e298fa', '3beffb3', 'da67712', '9c898a8',
  'f130d5f', '1d1d1f5', '72bd989', '8e6c236', '1cfb9b1', '7c6ee4e',
  'd11d977', '1ad1773', '0057b1f', 'd101b41', 'd95f450', '73a0927',
  'a38060e', '78a53f0', '89ae1b1', '7398a44', '59b8366', '1f9f1cb',
  'f728b2d', '71a12a9', '0c96e42', '29b48aa', 'd131310', '7d2b21f',
  'f61c5d0', 'fc8fab1', '898864c', '9f954ae', '5784d1e', '10bb63c',
  '941f69a', '7b1e587', 'ee47e8e', '4ba3fb0', 'd2ba323', 'b081a5f',
  'e936515', '9c1cc64', '829dbe2', '8d14800', '0521dc9', '64c3951',
  '0974e00', 'a279fcb', 'f7ab0c1', '7339975', '94c157f', '79f1701',
  '9e757fc', '809a70b', 'b427109', 'c93b520', 'f37a1cf', '5478934',
  '43eceee', '03019c2', '66cdf34', 'ecc6428', '2ee270e', '9b9fc8e',
  'b8c2efb', 'f546906', 'eb4a543', 'e417504', '0bc4177', '5ad3152',
  'fc8200a', '5eab5f0', 'b04d673', '28855eb', '174be04', '158c3bd',
  '3535f23', 'de7e543', '483b43c', '431d52a', 'ceafff7', '369e7a3',
  '98aa6ea', '80dec06', '5482c28', 'edf5b86', 'eca6d5e', 'c3a0fc2',
  '864d570', 'afed8e4', 'a5dab0a', 'b8c3e33', 'f836759');

vcf::xen_hypervisor::check_version_and_report(app_info:app_info, fixes:fixes, severity:SECURITY_WARNING);
VendorProductVersionCPE
xenxencpe:/o:xen:xen

Related

osv 1
prion 1
ubuntucve 1
cvelist 1
xen 1
alpinelinux 1
veracode 1
cve 1
debiancve 1
fedora 1
nessus 2
openvas 1
gentoo 1
osv
osv
CVE-2020-29567
2020-12-15 17:15:14
prion
prion
Design/Logic Flaw
2020-12-15 17:15:00
ubuntucve
ubuntucve
CVE-2020-29567
2020-12-15 00:00:00
cvelist
cvelist
CVE-2020-29567
2020-12-15 16:50:37
xen
xen
infinite loop when cleaning up IRQ vectors
2020-12-15 12:00:00
alpinelinux
alpinelinux
CVE-2020-29567
2020-12-15 17:15:00
veracode
veracode
Denial Of Service (DoS)
2021-04-29 12:58:47
cve
cve
CVE-2020-29567
2020-12-15 17:15:00
debiancve
debiancve
CVE-2020-29567
2020-12-15 17:15:00
fedora
fedora
[SECURITY] Fedora 33 Update: xen-4.14.0-14.fc33
2020-12-25 01:24:46
nessus
nessus
Fedora 33 : xen (2020-64859a826b)
2020-12-28 00:00:00
GLSA-202107-30 : Xen: Multiple vulnerabilities
2022-01-24 00:00:00
openvas
openvas
Fedora: Security Advisory for xen (FEDORA-2020-64859a826b)
2020-12-25 00:00:00
gentoo
gentoo
Xen: Multiple vulnerabilities
2021-07-12 00:00:00
JSON
Related for XEN_SERVER_XSA-356.NASL
osv1prion1ubuntucve1cvelist1xen1alpinelinux1veracode1cve1debiancve1fedora1nessus2openvas1gentoo1