CVE-2020-25596

2020-09-2300:00:00

ubuntu.com

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

14.2%

JSON

An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can
experience denial of service via SYSENTER. The SYSENTER instruction leaves
various state sanitization activities to software. One of Xen’s
sanitization paths injects a #GP fault, and incorrectly delivers it twice
to the guest. This causes the guest kernel to observe a kernel-privilege
#GP fault (typically fatal) rather than a user-privilege #GP fault (usually
converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the
guest kernel, resulting in a VM Denial of Service. All versions of Xen from
3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms
are not vulnerable. Only x86 systems that support the SYSENTER instruction
in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and
Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only
x86 PV guests can exploit the vulnerability. x86 PVH / HVM guests cannot
exploit the vulnerability.

Notes

Author	Note
mdeslaur	hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchxen< anyUNKNOWN
ubuntu20.04noarchxen< 4.11.3+24-g14b62ab3e5-1ubuntu2.3UNKNOWN
ubuntu16.04noarchxen< anyUNKNOWN