Ubuntu update for xen



| Updated: 2022-10-19
Risk High
Patch available YES
Number of vulnerabilities 20
CVE-ID CVE-2020-0543
CVE-2020-11739
CVE-2020-11740
CVE-2020-11741
CVE-2020-11742
CVE-2020-11743
CVE-2020-15563
CVE-2020-15564
CVE-2020-15565
CVE-2020-15566
CVE-2020-15567
CVE-2020-25595
CVE-2020-25596
CVE-2020-25597
CVE-2020-25599
CVE-2020-25600
CVE-2020-25601
CVE-2020-25602
CVE-2020-25603
CVE-2020-25604
CWE-ID CWE-200
CWE-119
CWE-862
CWE-252
CWE-755
CWE-822
CWE-399
CWE-264
CWE-362
CWE-908
CWE-400
Exploitation vector Network
Public exploit Public exploit code for vulnerability #7 is available.
Public exploit code for vulnerability #8 is available.
Public exploit code for vulnerability #9 is available.
Public exploit code for vulnerability #10 is available.
Public exploit code for vulnerability #11 is available.
Vulnerable software
Subscribe 		Ubuntu
Operating systems & Components / Operating system

libxenevtchn1 (Ubuntu package)
Operating systems & Components / Operating system package or component

xen-utils-common (Ubuntu package)
Operating systems & Components / Operating system package or component

xen-hypervisor-4.11-arm64 (Ubuntu package)
Operating systems & Components / Operating system package or component

xen-utils-4.11 (Ubuntu package)
Operating systems & Components / Operating system package or component

xenstore-utils (Ubuntu package)
Operating systems & Components / Operating system package or component

libxendevicemodel1 (Ubuntu package)
Operating systems & Components / Operating system package or component

libxenmisc4.11 (Ubuntu package)
Operating systems & Components / Operating system package or component

xen-hypervisor-4.11-armhf (Ubuntu package)
Operating systems & Components / Operating system package or component

xen-hypervisor-4.11-amd64 (Ubuntu package)
Operating systems & Components / Operating system package or component

libxengnttab1 (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 20 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU28928

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0543

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to incomplete cleanup from specific special register read operations in some Intel(R) Processors. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU31973

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11739

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don't contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones. In other words, the unlock may be seen by another processor before all the memory accesses within the "critical" section. As a consequence, it may be possible to have a writer executing a critical section at the same time as readers or another writer. In other words, many of the assumptions (e.g., a variable cannot be modified after a check) in the critical sections are not safe anymore. The read-write locks are used in hypercalls (such as grant-table ones), so a malicious guest could exploit the race. For instance, there is a small window where Xen can leak memory if XENMAPSPACE_grant_table is used concurrently. A malicious guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS).

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU31974

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11740

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Missing Authorization

EUVDB-ID: #VU31975

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11741

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. A remote user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Unchecked Return Value

EUVDB-ID: #VU31971

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11742

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to introduction of unexpected behavior in the fix for CVE-2017-1213 that caused bad continuation handling in GNTTABOP_copy. A remote user can crash the hypervisor.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Handling of Exceptional Conditions

EUVDB-ID: #VU31972

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11743

CWE-ID: CWE-755 - Improper Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Untrusted Pointer Dereference

EUVDB-ID: #VU29601

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-15563

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to inverted code paths in x86 dirty VRAM tracking in Xen. An attacker with access to HVM guest operating system can crash the hypervisor.

Note: the vulnerability affects x86 systems only.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Resource management error

EUVDB-ID: #VU29599

Risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-15564

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to missing alignment check in VCPUOP_register_vcpu_info hypercall in Xen. A attacker with privileged access to guest operating system can crash the hypervisor.

Note: the vulnerability affects Arm systems only.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU29600

Risk: Medium

CVSSv3.1: 7.2 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-15565

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system or perform a denial of service attack.

The vulnerability exists due to application does not properly impose security restrictions. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose.

Successful exploitation of the vulnerability may allows privileges escalation on the host operating system.

Note: the vulnerability affects Intel x86 systems only.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Resource management error

EUVDB-ID: #VU29602

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-15566

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling in event-channel port allocation in Xen. An attacker with access to guest operating system can consume more than 1023 event channels and crash the hypervisor.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

11) Race condition

EUVDB-ID: #VU29598

Risk: Medium

CVSSv3.1: 7.2 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-15567

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improper management of internal resources in Xen. When mapping guest EPT (nested paging) tables, Xen would in some circumstances use a series of non-atomic bitfield writes. Depending on the compiler version and optimisation flags, Xen might expose a dangerous partially written PTE to the hardware, which an attacker might be able to race to exploit. An attacker with access to guest operating system can perform a denial of service (DoS) attack or escalate privileges on the host operating system.

Note: the vulnerability can be exploited only on systems with Intel processors.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

12) Use of uninitialized resource

EUVDB-ID: #VU46972

Risk: Medium

CVSSv3.1: 7.4 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25595

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the host operating system.

The vulnerability exists due to PCI passthrough code reading back untrusted values fromhardware registers in Xen. A remote user on a guest operating system can run a specially crafted program to obtain potentially sensitive information from memory and crash Xen or escalate privileges on the hypervisor.

The vulnerability affects x86 systems with PCI passthrough support.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource management error

EUVDB-ID: #VU46979

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25596

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within guest VM when processing state sanitization activities. A local user or application on the guest operating system can abuse SYSENTER to cause a crash of the guest VM.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Resource management error

EUVDB-ID: #VU46978

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25597

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due a login error in the handling of event channel operations in Xen, which assumes that an event channel, once valid, will not become invalid over the life time of a guest.An unprivileged guest may be able to crash Xen by resetting of all event channels.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Race condition

EUVDB-ID: #VU46983

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25599

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a race condition caused by uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77). A remote user on the PV guest can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the host system.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Resource management error

EUVDB-ID: #VU46981

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25600

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to the so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones.  32-bit x86 domains can use only 1023 channels, due to limited space in their shared (between guest and Xen) information structure, whereas all other domains can use up to 4095 in this model.  The recording of the respective limit during domain initialization, however, has occurred at a time where domains are still deemed to be 64-bit ones, prior to actually honoring respective domain properties.  At the point domains get recognized as 32-bit ones, the limit didn't get updated accordingly.

Due to this misbehavior in Xen, 32-bit domains (including Domain 0) servicing other domains may observe event channel allocations to succeed when they should really fail.  Subsequent use of such event channels would then possibly lead to corruption of other parts of the shared info structure.

As a result, an unprivileged guest may cause another domain, in particular Domain 0, to misbehave, leading to denial of service of the host system.




Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Resource exhaustion

EUVDB-ID: #VU46984

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25601

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application, as the FIFO event channel model allows guests to have a large number of event channels active at a time.  Closing all of these when resetting all event channels or when cleaning up after the guest may take extended periods of time.  So far there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. A remote user can consume all available CPU resources and perform a denial of service (DoS) attack of the entire host system.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Resource management error

EUVDB-ID: #VU46968

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25602

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when processing guest requests to the "MISC_ENABLE MSR" register in Xen. A remote privileged PV guest can run a specially crafted program and crash Xen.

Only non-non-Intel x86 systems are affected.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Resource management error

EUVDB-ID: #VU46980

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25603

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to event channels control structures can be accessed lockless as long as the port is considered to be valid. Such sequence is missing appropriate memory barrier (e.g smp_*mb()) to prevent both the compiler and CPU to re-order access. A malicious guest may be able to cause a hypervisor crash.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Race condition

EUVDB-ID: #VU46970

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25604

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (Dos) attack.

The vulnerability exists due to a race condition when migrating timers between x86 HVM vCPU-s in Xen. A remote user on a guest operating system can run a specially crafted program to crash the hypervisor.

Mitigation

Update the affected package xen to the latest version.

Vulnerable software versions

Ubuntu: 20.04

libxenevtchn1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-common (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-arm64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-utils-4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xenstore-utils (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxendevicemodel1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxenmisc4.11 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-armhf (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

xen-hypervisor-4.11-amd64 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

libxengnttab1 (Ubuntu package): before 4.11.3+24-g14b62ab3e5-1ubuntu2.3

CPE2.3 External links

http://ubuntu.com/security/notices/USN-5617-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###