CVE-2020-25603

{"id": "CVE-2020-25603", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-09-23T22:15:13.853", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA633Y3G5KX7MKRN4PFEGM3IVTJMBEOM/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJZERRBJN6E6STDCHT4JHP4MI6TKBCJE/", "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/202011-06", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2020/dsa-4769", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://xenbits.xen.org/xsa/advisory-340.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-670"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier (e.g., smp_*mb()) to prevent both the compiler and CPU from re-ordering access. A malicious guest may be able to cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. Systems running all versions of Xen are affected. Whether a system is vulnerable will depend on the CPU and compiler used to build Xen. For all systems, the presence and the scope of the vulnerability depend on the precise re-ordering performed by the compiler used to build Xen. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code generation options). GCC documentation clearly suggests that re-ordering is possible. Arm systems will also be vulnerable if the CPU is able to re-order memory access. Please consult your CPU vendor. x86 systems are only vulnerable if a compiler performs re-ordering."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Xen versiones hasta 4.14.x. Se presenta una carencia de barreras de memoria al acceder y asignar un canal de eventos. Las estructuras de control de canales de eventos pueden ser accedidas sin lock siempre que el puerto se considere v\u00e1lido. A dicha secuencia le falta una barrera de memoria adecuada (por ejemplo, smp_* mb()) para evitar que tanto el compilador como la CPU reordenen el acceso. Un invitado malicioso puede causar un bloqueo del hypervisor que resulte en una Denegaci\u00f3n de Servicio (DoS). Un filtrado de informaci\u00f3n y una escalada de privilegios no puede ser excluidas. Los sistemas que ejecutan todas las versiones de Xen est\u00e1n afectados. La vulnerabilidad de un sistema depender\u00e1 de la CPU y el compilador usados para construir Xen. Para todos los sistemas, la presencia y el alcance de la vulnerabilidad dependen del reordenamiento preciso realizado por el compilador utilizado para compilar Xen. No hemos podido encuestar a los compiladores; en consecuencia, no podemos decir qu\u00e9 compilador (es) podr\u00edan producir c\u00f3digo vulnerable (con cuales opciones de generaci\u00f3n de c\u00f3digo). La documentaci\u00f3n de GCC sugiere claramente que el reordenamiento es posible. Los sistemas Arm tambi\u00e9n ser\u00e1n vulnerables si la CPU puede reordenar el acceso a la memoria. Consulte a su proveedor de CPU. Los sistemas x86 solo son vulnerables si un compilador realiza un reordenamiento."}], "lastModified": "2023-11-07T03:20:16.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D769F4A-98C6-4544-AC04-3D8600C17BBB", "versionEndIncluding": "4.14.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}