Bug 1880156 (CVE-2020-25600)
Summary: | CVE-2020-25600 xen: out of bounds event channels available to 32-bit x86 domains (XSA-342) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, ailan, bhu, bmasney, brdeoliv, dhoward, drjones, dvlasenk, fhrbata, hkrzesin, imammedo, jforbes, jshortt, jstancek, knoel, m.a.young, mrezanin, nmurray, pbonzini, ptalbert, robinlee.sysu, rvrbovsk, security-response-team, vkuznets, xen-maint |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in Xen. Misbehavior during domain initialization, where 32-bit domains (including Domain 0) servicing other domains, may observe event channel allocations to succeed when they should fail. Subsequent use of such event channels leads to the corruption of other parts of the shared information structure. This flaw allows an unprivileged guest to crash another domain, particularly Domain 0, leading to a denial of service (DoS) for the entire system. The highest threat from this vulnerability is to system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-09-22 20:41:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1881582 | ||
Bug Blocks: | 1877386 |
Description
Guilherme de Almeida Suckevicz
2020-09-17 19:36:31 UTC
Acknowledgments: Name: the Xen project Mitigation: There is no known workaround for x86 32-bit Domain 0. The issue can be avoided by reducing the number of event channels available to the guest to no more than 1023. For example, setting `max_event_channels=1023` in the xl domain configuration, or deleting any existing setting (since 1023 is the default for xl/libxl). Created xen tracking bugs for this issue: Affects: fedora-all [bug 1881582] This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-25600 External References: https://xenbits.xen.org/xsa/advisory-342.html Statement: All Xen versions from 4.4 onwards are vulnerable. Red Hat Enterprise Linux 5 is not affected by this flaw, as it shipped with an older version of Xen. |