Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-15563

Date: July 7, 2020

An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HVM guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Xen versions from 4.8 onwards are affected. Xen versions 4.7 and earlier are not affected. Only x86 systems are affected. Arm systems are not affected. Only x86 HVM guests using shadow paging can leverage the vulnerability. In addition, there needs to be an entity actively monitoring a guest's video frame buffer (typically for display purposes) in order for such a guest to be able to leverage the vulnerability. x86 PV guests, as well as x86 HVM guests using hardware assisted paging (HAP), cannot leverage the vulnerability.

Language: C

Severity Score

Related Resources (13)

https://security-tracker.debian.org/tracker/CVE-2020-15563
https://www.debian.org/security/2020/dsa-4723
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html
http://xenbits.xen.org/xsa/advisory-319.html
http://www.openwall.com/lists/oss-security/2020/07/07/3
https://people.canonical.com/~ubuntu-security/cve/CVE-2020-15563
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MXESCOVI7AVRNC7HEAMFM7PMEO6D3AUH/
https://nvd.nist.gov/vuln/detail/CVE-2020-15563
https://security.gentoo.org/glsa/202007-02
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VB3QJJZV23Z2IDYEMIHELWYSQBUEW6JP/
https://security.alpinelinux.org/vuln/CVE-2020-15563
https://www.mend.io/vulnerability-database/CVE-2020-15563

Severity Score

Weakness Type (CWE)

Buffer Errors

CWE-119

Input Validation

CWE-20

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us