Denial Of Service (DoS)

2020-08-0621:38:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

JSON

xen is vulnerable to denial of service (DoS). The vulnerability exists as an issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path.

CPENameOperatorVersion
xen:3.11eq4.13.0-r0
xeneq4.11.3-r1
xen:3.10eq4.12.2-r0
xen:3.8eq4.10.4-r2
xen:edgeeq4.13.0-r2
xen:3.11eq4.13.0-r0
xeneq4.11.3-r1
xen:3.10eq4.12.2-r0
xen:3.8eq4.10.4-r2
xen:edgeeq4.13.0-r2

Name	Operator	Version
xen:3.11	eq	4.13.0-r0
xen	eq	4.11.3-r1
xen:3.10	eq	4.12.2-r0
xen:3.8	eq	4.10.4-r2
xen:edge	eq	4.13.0-r2
xen:3.11	eq	4.13.0-r0
xen	eq	4.11.3-r1
xen:3.10	eq	4.12.2-r0
xen:3.8	eq	4.10.4-r2
xen:edge	eq	4.13.0-r2