Xen up to 4.14.x FIFO Event Channel evtchn_reset/evtchn_destroy denial of service
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.2 | $0-$5k | 0.00 |
Summary
A vulnerability described as problematic has been identified in Xen up to 4.14.x. Affected by this vulnerability is the function evtchn_reset/evtchn_destroy of the component FIFO Event Channel Handler. Such manipulation leads to denial of service.
This vulnerability is referenced as CVE-2020-25601. No exploit is available.
Upgrading the affected component is recommended.
Details
A vulnerability was found in Xen up to 4.14.x (Virtualization Software). It has been rated as problematic. Affected by this issue is the function evtchn_reset/evtchn_destroy of the component FIFO Event Channel Handler. The manipulation with an unknown input leads to a denial of service vulnerability. Using CWE to declare the problem leads to CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. Impacted is availability. CVE summarizes:
An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics.
The weakness was published 09/23/2020. This vulnerability is handled as CVE-2020-25601 since 09/16/2020. Technical details are known, but there is no available exploit.
Upgrading eliminates this vulnerability.
Similar entries are available at VDB-161813, VDB-161812, VDB-161811 and VDB-161809. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Affected
- Xen
- Citrix Hypervisor up to 8.2 LTSR
Product
Type
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 3.3VulDB Meta Temp Score: 3.2
VulDB Base Score: 3.3
VulDB Temp Score: 3.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
09/16/2020 🔍09/23/2020 🔍
09/24/2020 🔍
09/30/2020 🔍
Sources
Status: Not definedCVE: CVE-2020-25601 (🔍)
GCVE (CVE): GCVE-0-2020-25601
GCVE (VulDB): GCVE-100-161810
See also: 🔍
Entry
Created: 09/24/2020 07:46Updated: 09/30/2020 21:43
Changes: 09/24/2020 07:46 (37), 09/30/2020 21:43 (4)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.