Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
xenXen ProjectXSA-286
HistoryOct 20, 2020 - 11:49 a.m.

x86 PV guest INVLPG-like flushes may leave stale TLB entries

2020-10-2011:49:00
Xen Project
xenbits.xen.org
19

0.0005 Low

EPSS

Percentile

16.8%

JSON

ISSUE DESCRIPTION

x86 PV guest kernels may use hypercalls with INVLPG-like behavior to invalidate TLB entries even after changes to non-leaf page tables. Such changes to non-leaf page tables will, however, also render stale possible TLB entries created by Xen’s internal use of linear page tables to process guest requests like update-va-mapping. Invalidation of these TLB entries has been missing, allowing subsequent guest requests to change address mappings for one process to potentially modify memory meanwhile in use elsewhere.

IMPACT

Malicious x86 PV guest user mode may be able to escalate their privilege to that of the guest kernel.

VULNERABLE SYSTEMS

All versions of Xen expose the vulnerability.
The vulnerability is exposed to x86 PV guests only. x86 HVM/PVH guests as well as ARM ones are not vulnerable.

Related

fedora 3
osv 2
nessus 15
openvas 10
cvelist 1
prion 1
cve 1
redhatcve 1
ubuntucve 1
veracode 1
debiancve 1
suse 2
debian 1
citrix 1
gentoo 1
fedora
fedora
[SECURITY] Fedora 32 Update: xen-4.13.2-1.fc32
2020-11-12 03:16:18
[SECURITY] Fedora 33 Update: xen-4.14.0-9.fc33
2020-11-12 03:08:44
[SECURITY] Fedora 31 Update: xen-4.12.3-8.fc31
2020-11-20 01:29:24
osv
osv
CVE-2020-27674
2020-10-22 21:15:14
xen - security update
2020-12-04 00:00:00
nessus
nessus
Fedora 33 : xen (2020-ec84c1565b)
2020-11-12 00:00:00
Fedora 32 : xen (2020-5398bfb466)
2020-11-12 00:00:00
Xen INVLPG-like flushes may leave stale TLB entries privilege escalation (XSA-286)
2021-01-19 00:00:00
openvas
openvas
Fedora: Security Advisory for xen (FEDORA-2020-5398bfb466)
2020-11-12 00:00:00
Fedora: Security Advisory for xen (FEDORA-2020-ec84c1565b)
2020-11-12 00:00:00
Fedora: Security Advisory for xen (FEDORA-2020-6dd36a716c)
2020-11-22 00:00:00
cvelist
cvelist
CVE-2020-27674
2020-10-22 20:33:07
prion
prion
Design/Logic Flaw
2020-10-22 21:15:00
cve
cve
CVE-2020-27674
2020-10-22 21:15:00
redhatcve
redhatcve
CVE-2020-27674
2020-10-23 19:04:57
ubuntucve
ubuntucve
CVE-2020-27674
2020-10-22 00:00:00
veracode
veracode
CVE-2020-27674
2021-01-21 16:35:09
debiancve
debiancve
CVE-2020-27674
2020-10-22 21:15:00
suse
suse
Security update for xen (important)
2020-12-05 00:00:00
Security update for xen (important)
2020-12-07 00:00:00
debian
debian
[SECURITY] [DSA 4804-1] xen security update
2020-12-04 18:15:47
citrix
citrix
Citrix Hypervisor Security Update
2020-10-27 04:00:00
gentoo
gentoo
Xen: Multiple vulnerabilities
2020-11-11 00:00:00

0.0005 Low

EPSS

Percentile

16.8%

JSON
Related for XSA-286
fedora3osv2nessus15openvas10cvelist1prion1cve1redhatcve1ubuntucve1veracode1debiancve1suse2debian1citrix1gentoo1