6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
13.3%
An issue was discovered in Xen through 4.13.x, allowing guest OS users to
cause a host OS crash because of incorrect error handling in event-channel
port allocation. The allocation of an event-channel port may fail for
multiple reasons: (1) port is already in use, (2) the memory allocation
failed, or (3) the port we try to allocate is higher than what is supported
by the ABI (e.g., 2L or FIFO) used by the guest or the limit set by an
administrator (max_event_channels in xl cfg). Due to the missing error
checks, only (1) will be considered an error. All the other cases will
provide a valid port and will result in a crash when trying to access the
event channel. When the administrator configured a guest to allow more than
1023 event channels, that guest may be able to crash the host. When Xen is
out-of-memory, allocation of new event channels will result in crashing the
host rather than reporting an error. Xen versions 4.10 and later are
affected. All architectures are affected. The default configuration, when
guests are created with xl/libxl, is not vulnerable, because of the default
event-channel limit.
Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
www.openwall.com/lists/oss-security/2020/07/07/2
xenbits.xen.org/xsa/advisory-317.html
launchpad.net/bugs/cve/CVE-2020-15566
nvd.nist.gov/vuln/detail/CVE-2020-15566
security-tracker.debian.org/tracker/CVE-2020-15566
ubuntu.com/security/notices/USN-5617-1
www.cve.org/CVERecord?id=CVE-2020-15566
xenbits.xen.org/xsa/advisory-317.html
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
13.3%