What is CVE-2020-15852?

CVE-2020-15852 is a vulnerability in the Linux kernel, specifically in versions 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests.

How does CVE-2020-15852 work?

CVE-2020-15852 allows an attacker to be granted the I/O port permissions of an unrelated task due to mishandling in tss_invalidate_io_bitmap, leading to a loss of synchronization between the I/O bitmaps.

What is the severity of CVE-2020-15852?

The severity of CVE-2020-15852 is high, with a severity value of 7.8.

Which software is affected by CVE-2020-15852?

The Linux kernel versions 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests, as well as Netapp Cloud Backup, Netapp Steelstore Cloud Integrated Storage, and Netapp Solidfire Baseboard Management Controller are affected by CVE-2020-15852.

How do I fix CVE-2020-15852?

To fix CVE-2020-15852, users should apply the necessary security patches provided by the Linux kernel and Xen, as well as follow any remediation steps recommended by Netapp for their affected products.

Vulnerability/
CVE-2020-15852

high

7.8

CWE

276

20/7/2020

3/12/2022

CVE-2020-15852

First published: Mon Jul 20 2020(Updated: )

An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Linux Linux kernel	>=5.5<=5.7.9
Xen Xen	<=4.13.1
Netapp Cloud Backup
Netapp Steelstore Cloud Integrated Storage
Netapp Solidfire Baseboard Management Controller

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-15852?
CVE-2020-15852 is a vulnerability in the Linux kernel, specifically in versions 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests.
How does CVE-2020-15852 work?
CVE-2020-15852 allows an attacker to be granted the I/O port permissions of an unrelated task due to mishandling in tss_invalidate_io_bitmap, leading to a loss of synchronization between the I/O bitmaps.
What is the severity of CVE-2020-15852?
The severity of CVE-2020-15852 is high, with a severity value of 7.8.
Which software is affected by CVE-2020-15852?
The Linux kernel versions 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests, as well as Netapp Cloud Backup, Netapp Steelstore Cloud Integrated Storage, and Netapp Solidfire Baseboard Management Controller are affected by CVE-2020-15852.
How do I fix CVE-2020-15852?
To fix CVE-2020-15852, users should apply the necessary security patches provided by the Linux kernel and Xen, as well as follow any remediation steps recommended by Netapp for their affected products.

collector/nvd-index
vendor/linux
canonical/linux linux kernel
version/linux linux kernel/5.5
version/linux linux kernel/5.7.9
vendor/xen
canonical/xen xen
version/xen xen/4.13.1
vendor/netapp
canonical/netapp cloud backup
canonical/netapp steelstore cloud integrated storage
canonical/netapp solidfire baseboard management controller

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.