What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-25599.

What is the severity of CVE-2020-25599?

The severity of CVE-2020-25599 has not been specified.

What software is affected by CVE-2020-25599?

The software affected by CVE-2020-25599 is Xen through version 4.14.x.

How can CVE-2020-25599 be exploited?

CVE-2020-25599 can be exploited through race conditions in evtchn_reset(), potentially by a guest on itself or by using EVTCHNOP_reset or XEN_DOMCTL_soft_reset.

Are there any known fixes for CVE-2020-25599?

Yes, fixes are available for CVE-2020-25599. Please refer to the official advisories and update your software accordingly.

Vulnerability/
CVE-2020-25599

high

CWE

119 362

23/9/2020

4/8/2024

CVE-2020-25599: Buffer Overflow

First published: Wed Sep 23 2020(Updated: )

An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. Host and guest crashes are also possible, leading to a Denial of Service (DoS). Information leaks cannot be ruled out. All Xen versions from 4.5 onwards are vulnerable. Xen versions 4.4 and earlier are not vulnerable.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Xen Xen	>=4.5.0<=4.14.0
Fedoraproject Fedora	=31
Fedoraproject Fedora	=32
Fedoraproject Fedora	=33
openSUSE Leap	=15.2
Debian Debian Linux	=10.0
debian/xen		4.14.6-1 4.14.5+94-ge49571868d-1 4.17.3+10-g091466ba55-1~deb12u1 4.17.3+36-g54dacb5c02-1

Remedy

https://xenbits.xen.org/xsa/advisory-343.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-25599.
What is the severity of CVE-2020-25599?
The severity of CVE-2020-25599 has not been specified.
What software is affected by CVE-2020-25599?
The software affected by CVE-2020-25599 is Xen through version 4.14.x.
How can CVE-2020-25599 be exploited?
CVE-2020-25599 can be exploited through race conditions in evtchn_reset(), potentially by a guest on itself or by using EVTCHNOP_reset or XEN_DOMCTL_soft_reset.
Are there any known fixes for CVE-2020-25599?
Yes, fixes are available for CVE-2020-25599. Please refer to the official advisories and update your software accordingly.

collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/remedy
agent/severity
agent/description
agent/weakness
agent/references
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/tags
collector/usn-cve
source/Ubuntu
vendor/xen
canonical/xen xen
version/xen xen/4.5.0
version/xen xen/4.14.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/31
version/fedoraproject fedora/32
version/fedoraproject fedora/33
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.2
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
package-manager/debian