CVE - CVE-2020-11739

CVE-ID
CVE-2020-11739	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don't contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones. In other words, the unlock may be seen by another processor before all the memory accesses within the "critical" section. As a consequence, it may be possible to have a writer executing a critical section at the same time as readers or another writer. In other words, many of the assumptions (e.g., a variable cannot be modified after a check) in the critical sections are not safe anymore. The read-write locks are used in hypercalls (such as grant-table ones), so a malicious guest could exploit the race. For instance, there is a small window where Xen can leak memory if XENMAPSPACE_grant_table is used concurrently. A malicious guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://xenbits.xen.org/xsa/advisory-314.html DEBIAN:DSA-4723 URL:https://www.debian.org/security/2020/dsa-4723 FEDORA:FEDORA-2020-295ed0b1e0 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/ FEDORA:FEDORA-2020-440457afe4 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/ FEDORA:FEDORA-2020-cbc3149753 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/ GENTOO:GLSA-202005-08 URL:https://security.gentoo.org/glsa/202005-08 MISC:https://xenbits.xen.org/xsa/advisory-314.html MLIST:[oss-security] 20200414 Xen Security Advisory 314 v3 (CVE-2020-11739) - Missing memory barriers in read-write unlock paths URL:http://www.openwall.com/lists/oss-security/2020/04/14/2 SUSE:openSUSE-SU-2020:0599 URL:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html
Assigning CNA
MITRE Corporation
Date Record Created
20200414	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20200414)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)