4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
26.7%
An issue was discovered in Xen through 4.13.x, allowing guest OS users to
cause a denial of service because of bad continuation handling in
GNTTABOP_copy. Grant table operations are expected to return 0 for success,
and a negative number for errors. The fix for CVE-2017-12135 introduced a
path through grant copy handling where success may be returned to the
caller without any action taken. In particular, the status fields of
individual operations are left uninitialised, and may result in errant
behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can
construct its grant table in such a way that, when a backend domain tries
to copy a grant, it hits the incorrect exit path. This returns success to
the caller without doing anything, which may cause crashes or other
incorrect behaviour.
Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
www.openwall.com/lists/oss-security/2020/04/14/4
xenbits.xen.org/xsa/advisory-318.html
launchpad.net/bugs/cve/CVE-2020-11742
nvd.nist.gov/vuln/detail/CVE-2020-11742
security-tracker.debian.org/tracker/CVE-2020-11742
ubuntu.com/security/notices/USN-5617-1
www.cve.org/CVERecord?id=CVE-2020-11742
xenbits.xen.org/xsa/advisory-318.html
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
26.7%