CVE-2020-25598
First published: Wed Sep 23 2020(Updated: )
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. This causes subsequent administration operations, (e.g., CPU offline) to livelock, resulting in a host Denial of Service. The buggy codepath has been present since Xen 4.12. Xen 4.14 and later are vulnerable to the DoS. The side effects are believed to be benign on Xen 4.12 and 4.13, but patches are provided nevertheless. The vulnerability can generally only be exploited by x86 HVM VMs, as these are generally the only type of VM that have a Qemu stubdomain. x86 PV and PVH domains, as well as ARM VMs, typically don't use a stubdomain. Only VMs using HVM stubdomains can exploit the vulnerability. VMs using PV stubdomains, or with emulators running in dom0, cannot exploit the vulnerability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xen XAPI | >=4.12.0<=4.14.0 | |
| Fedora | =31 | |
| Fedora | =32 | |
| Fedora | =33 | |
| SUSE Linux | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DA633Y3G5KX7MKRN4PFEGM3IVTJMBEOM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJZERRBJN6E6STDCHT4JHP4MI6TKBCJE/
- https://security.gentoo.org/glsa/202011-06
- https://xenbits.xen.org/xsa/advisory-334.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA633Y3G5KX7MKRN4PFEGM3IVTJMBEOM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJZERRBJN6E6STDCHT4JHP4MI6TKBCJE/
Frequently Asked Questions
What is the severity of CVE-2020-25598?
CVE-2020-25598 is classified as a medium severity vulnerability due to potential impact on system stability.
How do I fix CVE-2020-25598?
To fix CVE-2020-25598, update to the latest version of Xen that addresses this issue.
Which versions of Xen are affected by CVE-2020-25598?
CVE-2020-25598 affects Xen versions between 4.12.0 and 4.14.0.
Can CVE-2020-25598 be exploited remotely?
CVE-2020-25598 does not have a defined remote exploit vector but may impact local system operations.
What types of systems are impacted by CVE-2020-25598?
CVE-2020-25598 impacts systems running affected versions of Xen, including various distributions like Fedora and openSUSE.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/xen
- canonical/xen xapi
- version/xen xapi/4.12.0
- version/xen xapi/4.14.0
- vendor/fedoraproject
- canonical/fedora
- version/fedora/31
- version/fedora/32
- version/fedora/33
- vendor/opensuse
- canonical/suse linux
- version/suse linux/15.2