CVE-2020-15852
First published: Mon Jul 20 2020(Updated: )
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | >=5.5<=5.7.9 | |
| Xen Xen | <=4.13.1 | |
| Netapp Cloud Backup | ||
| Netapp Steelstore Cloud Integrated Storage | ||
| Netapp Solidfire Baseboard Management Controller |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2020/07/21/2
- http://xenbits.xen.org/xsa/advisory-329.html
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
- https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
- https://security.netapp.com/advisory/ntap-20200810-0001/
Frequently Asked Questions
What is CVE-2020-15852?
CVE-2020-15852 is a vulnerability in the Linux kernel, specifically in versions 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests.
How does CVE-2020-15852 work?
CVE-2020-15852 allows an attacker to be granted the I/O port permissions of an unrelated task due to mishandling in tss_invalidate_io_bitmap, leading to a loss of synchronization between the I/O bitmaps.
What is the severity of CVE-2020-15852?
The severity of CVE-2020-15852 is high, with a severity value of 7.8.
Which software is affected by CVE-2020-15852?
The Linux kernel versions 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests, as well as Netapp Cloud Backup, Netapp Steelstore Cloud Integrated Storage, and Netapp Solidfire Baseboard Management Controller are affected by CVE-2020-15852.
How do I fix CVE-2020-15852?
To fix CVE-2020-15852, users should apply the necessary security patches provided by the Linux kernel and Xen, as well as follow any remediation steps recommended by Netapp for their affected products.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/event
- agent/type
- agent/description
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/5.5
- version/linux linux kernel/5.7.9
- vendor/xen
- canonical/xen xen
- version/xen xen/4.13.1
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp steelstore cloud integrated storage
- canonical/netapp solidfire baseboard management controller