CVE-2020-25604

Name: CVE-2020-25604
Description: An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-4769-1
NVD severity: low

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release | Version | Status
xen (PTS) | stretch (security), stretch | 4.8.5.final+shim4.10.4-1+deb9u12 | vulnerable
xen (PTS) | buster | 4.11.4+24-gddaaccbbab-1~deb10u1 | vulnerable
xen (PTS) | buster (security) | 4.11.4+37-g3263f257ca-1 | fixed
xen (PTS) | bullseye, sid | 4.11.4+24-gddaaccbbab-1 | vulnerable

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
xen | source | stretch | (unfixed) | end-of-life | |
xen | source | buster | 4.11.4+37-g3263f257ca-1 | | DSA-4769-1 |
xen | source | (unstable) | (unfixed) | | |

Notes

[stretch] - xen <end-of-life> (DSA 4602-1)
https://xenbits.xen.org/xsa/advisory-336.html
