7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
72.1%
An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS
users to cause a denial of service (guest OS crash) because VMX VMEntry
checks mishandle a certain case. Please see XSA-260 for background on the
MovSS shadow. Please see XSA-156 for background on the need for #DB
interception. The VMX VMEntry checks do not like the exact combination of
state which occurs when #DB in intercepted, Single Stepping is active, and
blocked by STI/MovSS is active, despite this being a legitimate state to be
in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest
userspace code may be able to crash the guest, resulting in a guest Denial
of Service. All versions of Xen are affected. Only systems supporting VMX
hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected.
Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV
guests cannot leverage the vulnerability.
Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
72.1%