CVE-2020-15564

2020-07-0700:00:00

ubuntu.com

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

13.5%

JSON

An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users
to cause a hypervisor crash because of a missing alignment check in
VCPUOP_register_vcpu_info. The hypercall VCPUOP_register_vcpu_info is used
by a guest to register a shared region with the hypervisor. The region will
be mapped into Xen address space so it can be directly accessed. On Arm,
the region is accessed with instructions that require a specific alignment.
Unfortunately, there is no check that the address provided by the guest
will be correctly aligned. As a result, a malicious guest could cause a
hypervisor crash by passing a misaligned address. A malicious guest
administrator may cause a hypervisor crash, resulting in a Denial of
Service (DoS). All Xen versions are vulnerable. Only Arm systems are
vulnerable. x86 systems are not affected.

Notes

Author	Note
mdeslaur	hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchxen< anyUNKNOWN
ubuntu20.04noarchxen< 4.11.3+24-g14b62ab3e5-1ubuntu2.3UNKNOWN
ubuntu16.04noarchxen< anyUNKNOWN