What is CVE-2020-15563?

CVE-2020-15563 is a vulnerability in Xen that allows x86 HVM guest OS users to cause a hypervisor crash.

How does CVE-2020-15563 work?

CVE-2020-15563 works by exploiting an inverted conditional in x86 HVM guests' dirty video RAM tracking code, allowing guests to make Xen de-reference a pointer that points to unmapped space.

What is the severity of CVE-2020-15563?

The severity of CVE-2020-15563 is not specified in the provided information.

Which software versions are affected by CVE-2020-15563?

Versions 4.11.3+24- and earlier of Xen on Ubuntu, and versions 4.11.4+107-gef32c7afa2-1, 4.14.5+94-ge49571868d-1, 4.17.1+2-gb773c48e36-1, and 4.17.2-1 and earlier of Xen on Debian are affected.

How can CVE-2020-15563 be fixed?

To fix CVE-2020-15563, apply the recommended patches provided by the vendor for your specific Xen version.

Vulnerability/
CVE-2020-15563

medium

6.5

CWE

119

7/7/2020

4/8/2024

CVE-2020-15563: Buffer Overflow

First published: Tue Jul 07 2020(Updated: )

An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards are affected. Xen versions 4.7 and earlier are not affected. Only x86 systems are affected. Arm systems are not affected. Only x86 HVM guests using shadow paging can leverage the vulnerability. In addition, there needs to be an entity actively monitoring a guest's video frame buffer (typically for display purposes) in order for such a guest to be able to leverage the vulnerability. x86 PV guests, as well as x86 HVM guests using hardware assisted paging (HAP), cannot leverage the vulnerability.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Xen Xen	>=4.8.0<=4.13.1
Debian Debian Linux	=10.0
Fedoraproject Fedora	=31
Fedoraproject Fedora	=32
openSUSE Leap	=15.2
debian/xen		4.14.6-1 4.14.5+94-ge49571868d-1 4.17.3+10-g091466ba55-1~deb12u1 4.17.3+36-g54dacb5c02-1

Remedy

http://xenbits.xen.org/xsa/advisory-319.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-15563?
CVE-2020-15563 is a vulnerability in Xen that allows x86 HVM guest OS users to cause a hypervisor crash.
How does CVE-2020-15563 work?
CVE-2020-15563 works by exploiting an inverted conditional in x86 HVM guests' dirty video RAM tracking code, allowing guests to make Xen de-reference a pointer that points to unmapped space.
What is the severity of CVE-2020-15563?
The severity of CVE-2020-15563 is not specified in the provided information.
Which software versions are affected by CVE-2020-15563?
Versions 4.11.3+24- and earlier of Xen on Ubuntu, and versions 4.11.4+107-gef32c7afa2-1, 4.14.5+94-ge49571868d-1, 4.17.1+2-gb773c48e36-1, and 4.17.2-1 and earlier of Xen on Debian are affected.
How can CVE-2020-15563 be fixed?
To fix CVE-2020-15563, apply the recommended patches provided by the vendor for your specific Xen version.

collector/nvd-index
agent/type
collector/launchpad-cve
source/Launchpad
agent/author
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/remedy
agent/weakness
agent/severity
collector/security-tracker-debian
source/Debian
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/usn-cve
source/Ubuntu
agent/references
agent/softwarecombine
agent/tags
agent/description
agent/first-publish-date
agent/event
agent/trending
vendor/xen
canonical/xen xen
version/xen xen/4.8.0
version/xen xen/4.13.1
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/31
version/fedoraproject fedora/32
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.2
package-manager/debian