CVE-2020-15564

MEDIUM

Xen < 4.13.1 - Denial of Service via Misaligned VCPUOP_register_vcpu_info Hypercall

Title source: llm
STIX 2.1

Description

An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. The hypercall VCPUOP_register_vcpu_info is used by a guest to register a shared region with the hypervisor. The region will be mapped into Xen address space so it can be directly accessed. On Arm, the region is accessed with instructions that require a specific alignment. Unfortunately, there is no check that the address provided by the guest will be correctly aligned. As a result, a malicious guest could cause a hypervisor crash by passing a misaligned address. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). All Xen versions are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected.

References (6)

Core 6
Core References
Patch, Third Party Advisory x_refsource_misc
http://xenbits.xen.org/xsa/advisory-327.html
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/07/07/5
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4723
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202007-02

Scores

CVSS v3 6.5
EPSS 0.0008
EPSS Percentile 23.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Details

CWE
CWE-119
Status published
Products (4)
debian/debian_linux 10.0
fedoraproject/fedora 31
fedoraproject/fedora 32
xen/xen 4.8.0 - 4.13.1
Published Jul 07, 2020
Tracked Since Feb 18, 2026