Denial Of Service (DoS)

2020-08-0621:38:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

32.6%

JSON

xen is vulnerable to denial of service (DoS). The vulnerability exists as an issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path.

CPENameOperatorVersion
xen:3.11eq4.13.0-r0
xeneq4.11.3-r1
xen:3.10eq4.12.2-r0
xen:3.8eq4.10.4-r2
xen:edgeeq4.13.0-r2
xen:3.11eq4.13.0-r0
xeneq4.11.3-r1
xen:3.10eq4.12.2-r0
xen:3.8eq4.10.4-r2
xen:edgeeq4.13.0-r2

Name	Operator	Version
xen:3.11	eq	4.13.0-r0
xen	eq	4.11.3-r1
xen:3.10	eq	4.12.2-r0
xen:3.8	eq	4.10.4-r2
xen:edge	eq	4.13.0-r2
xen:3.11	eq	4.13.0-r0
xen	eq	4.11.3-r1
xen:3.10	eq	4.12.2-r0
xen:3.8	eq	4.10.4-r2
xen:edge	eq	4.13.0-r2