Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2021-02709

Опубликовано: 14 апр. 2020
Источник: fstec
CVSS3: 5.5
CVSS2: 4.6
EPSS Низкий

Описание

Уязвимость компонента GNTTABOP_map_grant гипервизора Xen связаны с ошибками возвращаемых значений. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Вендор

Novell Inc.
Fedora Project
Сообщество свободного программного обеспечения
The Linux Foundation

Наименование ПО

OpenSUSE Leap
Fedora
Debian GNU/Linux
Xen

Версия ПО

15.1 (OpenSUSE Leap)
30 (Fedora)
10 (Debian GNU/Linux)
31 (Fedora)
32 (Fedora)
4.13.0 rc1 (Xen)
4.13.0 rc2 (Xen)
до 4.13.0 включительно (Xen)

Тип ПО

Операционная система
ПО виртуализации/ПО виртуального программно-аппаратного средства

Операционные системы и аппаратные платформы

Novell Inc. OpenSUSE Leap 15.1
Fedora Project Fedora 30
Сообщество свободного программного обеспечения Debian GNU/Linux 10
Fedora Project Fedora 31
Fedora Project Fedora 32

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 4,6)
Средний уровень опасности (базовая оценка CVSS 3.0 составляет 5,5)

Возможные меры по устранению уязвимости

Использование рекомендаций:
Для Xen:
http://xenbits.xen.org/xsa/advisory-316.html
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/
Для Debian GNU/Linux:
https://www.debian.org/security/2020/dsa-4723
Для программных продуктов Novell Inc.:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/UOGIHSVHR5GUF43UV76QYSDRKANB2S5G/

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Существует в открытом доступе

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 27%
0.00094
Низкий

5.5 Medium

CVSS3

4.6 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2020-11743

CVSS3: 5.5
ubuntu
почти 6 лет назад

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.

redhat логотип

CVE-2020-11743

CVSS3: 5.9
redhat
почти 6 лет назад

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.

nvd логотип

CVE-2020-11743

CVSS3: 5.5
nvd
почти 6 лет назад

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.

debian логотип

CVE-2020-11743

CVSS3: 5.5
debian
почти 6 лет назад

An issue was discovered in Xen through 4.13.x, allowing guest OS users ...

github логотип

GHSA-ff8p-26v5-2cw5

github
больше 3 лет назад

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.

EPSS

Процентиль: 27%
0.00094
Низкий

5.5 Medium

CVSS3

4.6 Medium

CVSS2