CVE-2020-11742 : An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour.

Published 2020-04-14 13:15:13

Updated 2020-07-13 16:15:11

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2020-11742

XEN » XEN
Versions up to, including, (<=) 4.13.0
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.13.0 Update RC1
cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*
Matching versions
XEN » XEN » Version: 4.13.0 Update RC2
cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 32
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-11742

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 9 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-11742

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:N/A:P	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

References for CVE-2020-11742

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/

[SECURITY] Fedora 32 Update: xen-4.13.0-7.fc32 - package-announce - Fedora Mailing-Lists
Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/

[SECURITY] Fedora 30 Update: xen-4.11.4-1.fc30 - package-announce - Fedora Mailing-Lists

CVEs referencing this url
http://xenbits.xen.org/xsa/advisory-318.html

XSA-318 - Xen Security Advisories
Patch;Vendor Advisory
https://www.debian.org/security/2020/dsa-4723

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2020/04/14/4

oss-security - Xen Security Advisory 318 v3 (CVE-2020-11742) - Bad continuation handling in GNTTABOP_copy
Mitigation;Patch;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html

[security-announce] openSUSE-SU-2020:0599-1: important: Security update

CVEs referencing this url
https://xenbits.xen.org/xsa/advisory-318.html

XSA-318 - Xen Security Advisories
Patch;Vendor Advisory
https://security.gentoo.org/glsa/202005-08

Xen: Multiple vulnerabilities (GLSA 202005-08) — Gentoo security

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-11742

Products affected by CVE-2020-11742

Exploit prediction scoring system (EPSS) score for CVE-2020-11742

CVSS scores for CVE-2020-11742

References for CVE-2020-11742