VDB

CVE-2020-25596

CVE-2020-25596 PUBLISHED

An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. All versions of Xen from 3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms are not vulnerable. Only x86 systems that support the SYSENTER instruction in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH / HVM guests cannot exploit the vulnerability.

EPSS 0.09% · 24.9th percentile

Risk Scores

EPSS Score
0.09%
24.9th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSxen0, 4.5.1-0ubuntu1, 4.5.1-0ubuntu2
Ubuntu:20.04:LTSxen0, 4.9.2-0ubuntu7, 4.11.3+24-g14b62ab3e5-1ubuntu1
Ubuntu:18.04:LTSxen4.9.0-0ubuntu3, 4.9.0-0ubuntu4, 4.9.2-0ubuntu1

Exploit Intelligence

Timeline

  • Sep 23, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›