CVE & CISA-KEV Catalog

CVE-2020-25595

HIGH
7.8
CVSS v3
NVD

Description

An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec ("backdoor") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it's better to assume that it does.

How to fix

Remediation Available
xenDebian
Fixed in:4.14.0+80-gd101b417b7-1CVE-2020-25595
Fixed in:4.14.0+80-gd101b417b7-1CVE-2020-25595
Fixed in:4.14.0+80-gd101b417b7-1CVE-2020-25595
Fixed in:4.14.0+80-gd101b417b7-1CVE-2020-25595
libxendevicemodel1Ubuntu
Fixed in:4.11.3+24-g14b62ab3e5-1ubuntu2.3USN-5617-1
libxenevtchn1Ubuntu
Fixed in:4.11.3+24-g14b62ab3e5-1ubuntu2.3USN-5617-1
libxengnttab1Ubuntu
Fixed in:4.11.3+24-g14b62ab3e5-1ubuntu2.3USN-5617-1
libxenmisc4.11Ubuntu
Fixed in:4.11.3+24-g14b62ab3e5-1ubuntu2.3USN-5617-1
xenUbuntu
Fixed in:4.11.3+24-g14b62ab3e5-1ubuntu2.3USN-5617-1
xen-hypervisor-4.11-amd64Ubuntu
Fixed in:4.11.3+24-g14b62ab3e5-1ubuntu2.3USN-5617-1
xen-hypervisor-4.11-arm64Ubuntu
Fixed in:4.11.3+24-g14b62ab3e5-1ubuntu2.3USN-5617-1
xen-hypervisor-4.11-armhfUbuntu
Fixed in:4.11.3+24-g14b62ab3e5-1ubuntu2.3USN-5617-1
xen-utils-4.11Ubuntu
Fixed in:4.11.3+24-g14b62ab3e5-1ubuntu2.3USN-5617-1
xen-utils-commonUbuntu
Fixed in:4.11.3+24-g14b62ab3e5-1ubuntu2.3USN-5617-1
xenstore-utilsUbuntu
Fixed in:4.11.3+24-g14b62ab3e5-1ubuntu2.3USN-5617-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.37%probability of exploitation in 30 days
29thpercentile

Low risk: more likely to be exploited than 29% of all known CVEs.

References

Related Vulnerabilities

Other CWE-269 (Improper Privilege Management) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2017-12635Critical9.8100%-Fix
CVE-2022-24637Critical9.899%-Fix
CVE-2017-5689Critical9.892%KEVFix
CVE-2020-3243Critical9.888%--
CVE-2024-21888High8.887%--
CVE-2022-0441Critical9.885%-Fix
Embed a live status badge for CVE-2020-25595
CVE-2020-25595 severity badge

Markdown

[![CVE-2020-25595](https://tridentstack.com/cve/badge/CVE-2020-25595.svg)](https://tridentstack.com/cve/CVE-2020-25595)

HTML

<a href="https://tridentstack.com/cve/CVE-2020-25595"><img src="https://tridentstack.com/cve/badge/CVE-2020-25595.svg" alt="CVE-2020-25595"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.