Redhat.comRH:CVE-2020-25602CVE-2020-25602
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:N/I:N/A:C
6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
14.4%
A flaw was found in Xen, specifically when a guest accesses certain Model Specific Registers where Xen first reads the value from hardware to use as the basis for auditing the guest access. For the MISC_ENABLE MSR, an Intel specific MSR, this MSR read is performed without error handling for a #GP fault, which is the consequence of trying to read this MSR on non-Intel hardware. This flaw allows an unprivileged guest to crash Xen, leading to a denial of service (DoS) for the entire system. The highest threat from this vulnerability is to system availability.
Mitigation
Running only HVM/PVH guests avoids the vulnerability.
Related
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:N/I:N/A:C
6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
14.4%