| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.3 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Xen up to 4.14.x. It has been rated as problematic. The affected element is the function SYSENTER. Performing a manipulation results in null termination.
This vulnerability is known as CVE-2020-25596. No exploit is available.
Upgrading the affected component is advised.
Details
A vulnerability, which was classified as problematic, was found in Xen up to 4.14.x (Virtualization Software). This affects the function SYSENTER. The manipulation with an unknown input leads to a null termination vulnerability. CWE is classifying the issue as CWE-170. The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator. This is going to have an impact on availability. The summary by CVE is:
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. All versions of Xen from 3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms are not vulnerable. Only x86 systems that support the SYSENTER instruction in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH / HVM guests cannot exploit the vulnerability.
The weakness was published 09/23/2020. This vulnerability is uniquely identified as CVE-2020-25596 since 09/16/2020. Technical details are known, but no exploit is available.
Upgrading eliminates this vulnerability.
Similar entries are available at VDB-161809, VDB-161808, VDB-161807 and VDB-161806. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Affected
- Xen
- Citrix Hypervisor up to 8.2 LTSR
Product
Type
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 5.3
VulDB Base Score: 5.5
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Null terminationCWE: CWE-170 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
09/16/2020 🔍09/23/2020 🔍
09/24/2020 🔍
09/30/2020 🔍
Sources
Status: Not definedCVE: CVE-2020-25596 (🔍)
GCVE (CVE): GCVE-0-2020-25596
GCVE (VulDB): GCVE-100-161805
See also: 🔍
Entry
Created: 09/24/2020 06:42Updated: 09/30/2020 21:43
Changes: 09/24/2020 06:42 (37), 09/30/2020 21:43 (4)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.