11 matches found
EUVD-2020-18281
Malware in sbrugna...
Xen missing error handling in MSR_MISC_ENABLE DoS (XSA-333)
A denial of service DoS vulnerability exists in Xen server due to missing error handling in MISCENABLE MSR. A malicious PV guest administrator can trigger Xen to crash, resulting in a host DoS. Note that Nessus has not tested for this issue but has instead relied only on the application's...
Fedora 31 : xen (2020-d46fe34349)
x86 pv: Crash when handling guest access to MSRMISCENABLE XSA-333, CVE-2020-25602 1881619 Missing unlock in XENMEMacquireresource error path XSA-334, CVE-2020-25598 1881616 race when migrating timers between x86 HVM vCPU-s XSA-336, CVE-2020-25604 1881618 PCI passthrough code reading back hardware...
Fedora 32 : xen (2020-f668e579be)
x86 pv: Crash when handling guest access to MSRMISCENABLE XSA-333, CVE-2020-25602 1881619 Missing unlock in XENMEMacquireresource error path XSA-334, CVE-2020-25598 1881616 race when migrating timers between x86 HVM vCPU-s XSA-336, CVE-2020-25604 1881618 PCI passthrough code reading back hardware...
Denial Of Service (DoS)
xen is vulnerable to denial of service. An attacker is able to crash the host OS due to insecure handling of guest access to MSRMISCENABLE...
CVE-2020-25602
An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSRMISCENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the...
Design/Logic Flaw
An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSRMISCENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the...
CVE-2020-25602
An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSRMISCENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the...
CVE-2020-25602
CVE-2020-25602 : Xen up to 4.14.x contains a vulnerability where an x86 PV guest accessing the MISC_ENABLE MSR (0x1a0) triggers a host crash due to missing #GP fault handling when reading this Intel-specific MSR. The vulnerability can crash the host Xen instance, enabling a local Denial of Servic...
CVE-2020-25602
An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSRMISCENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the...
x86 pv: Crash when handling guest access to MSR_MISC_ENABLE
ISSUE DESCRIPTION When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the MISCENABLE MSR, which is an Intel specific MSR, this MSR read is performed without error handling for a GP fault, which is t...