6.1 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:P/I:P/A:C
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.2%
incorrect error handling in event channel port allocation leads to DoS [XSA-317, CVE-2020-15566] (#1854465) inverted code paths in x86 dirty VRAM tracking leads to DoS [XSA-319, CVE-2020-15563] (#1854463) xen:
insufficient cache write-back under VT-d leads to DoS [XSA-321, CVE-2020-15565] (#1854467) missing alignment check in VCPUOP_register_vcpu_info leads to DoS [XSA-327, CVE-2020-15564] (#1854458) non-atomic modification of live EPT PTE leads to DoS [XSA-328, CVE-2020-15567] (#1854464)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2020-76cf2b0f0a.
#
include('compat.inc');
if (description)
{
script_id(138864);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/29");
script_cve_id(
"CVE-2020-15563",
"CVE-2020-15564",
"CVE-2020-15565",
"CVE-2020-15566",
"CVE-2020-15567"
);
script_xref(name:"FEDORA", value:"2020-76cf2b0f0a");
script_xref(name:"IAVB", value:"2020-B-0034-S");
script_name(english:"Fedora 31 : xen (2020-76cf2b0f0a)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
script_set_attribute(attribute:"description", value:
"incorrect error handling in event channel port allocation leads to DoS
[XSA-317, CVE-2020-15566] (#1854465) inverted code paths in x86 dirty
VRAM tracking leads to DoS [XSA-319, CVE-2020-15563] (#1854463) xen:
insufficient cache write-back under VT-d leads to DoS [XSA-321,
CVE-2020-15565] (#1854467) missing alignment check in
VCPUOP_register_vcpu_info leads to DoS [XSA-327, CVE-2020-15564]
(#1854458) non-atomic modification of live EPT PTE leads to DoS
[XSA-328, CVE-2020-15567] (#1854464)
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-76cf2b0f0a");
script_set_attribute(attribute:"solution", value:
"Update the affected xen package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-15565");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/07");
script_set_attribute(attribute:"patch_publication_date", value:"2020/07/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/23");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC31", reference:"xen-4.12.3-3.fc31")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | xen | p-cpe:/a:fedoraproject:fedora:xen |
fedoraproject | fedora | 31 | cpe:/o:fedoraproject:fedora:31 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15563
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15564
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15565
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15566
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15567
bodhi.fedoraproject.org/updates/FEDORA-2020-76cf2b0f0a
6.1 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:P/I:P/A:C
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.2%