{"id":"UBUNTU-CVE-2020-25599","details":"An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. Host and guest crashes are also possible, leading to a Denial of Service (DoS). Information leaks cannot be ruled out. All Xen versions from 4.5 onwards are vulnerable. Xen versions 4.4 and earlier are not vulnerable.","modified":"2026-04-22T14:14:29.775522Z","published":"2020-09-23T22:15:00Z","related":["USN-5617-1"],"upstream":["CVE-2020-25599"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25599"},{"type":"REPORT","url":"https://xenbits.xen.org/xsa/advisory-343.html"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN/"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5617-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2020-25599"}],"affected":[{"package":{"name":"xen","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/xen@4.6.5-0ubuntu1.4?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.5.1-0ubuntu1","4.5.1-0ubuntu2","4.6.0-1ubuntu1","4.6.0-1ubuntu2","4.6.0-1ubuntu4","4.6.0-1ubuntu4.1","4.6.0-1ubuntu4.2","4.6.0-1ubuntu4.3","4.6.5-0ubuntu1","4.6.5-0ubuntu1.1","4.6.5-0ubuntu1.2","4.6.5-0ubuntu1.4"],"ecosystem_specific":{"binaries":[{"binary_name":"libxen-4.6","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"libxenstore3.0","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.4-amd64","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.4-arm64","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.4-armhf","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.5-amd64","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.5-arm64","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.5-armhf","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.6-amd64","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.6-arm64","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.6-armhf","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-system-amd64","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-system-arm64","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-system-armhf","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-utils-4.6","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-utils-common","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xenstore-utils","binary_version":"4.6.5-0ubuntu1.4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-25599.json"}},{"package":{"name":"xen","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/xen@4.9.2-0ubuntu1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.9.0-0ubuntu3","4.9.0-0ubuntu4","4.9.2-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"libxen-4.9","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"libxenstore3.0","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.6-amd64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.6-arm64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.6-armhf","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.7-amd64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.7-arm64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.7-armhf","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.8-amd64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.8-arm64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.8-armhf","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.9-amd64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.9-arm64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.9-armhf","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-system-amd64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-system-arm64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-system-armhf","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-utils-4.9","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-utils-common","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xenstore-utils","binary_version":"4.9.2-0ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-25599.json"}},{"package":{"name":"xen","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/xen@4.11.3+24-g14b62ab3e5-1ubuntu2.3?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"}]}],"versions":["4.9.2-0ubuntu2","4.9.2-0ubuntu6","4.9.2-0ubuntu7","4.11.3+24-g14b62ab3e5-1ubuntu1","4.11.3+24-g14b62ab3e5-1ubuntu2","4.11.3+24-g14b62ab3e5-1ubuntu2.2"],"ecosystem_specific":{"binaries":[{"binary_name":"libxencall1","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"libxendevicemodel1","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"libxenevtchn1","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"libxenforeignmemory1","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"libxengnttab1","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"libxenmisc4.11","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"libxenstore3.0","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"libxentoolcore1","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"libxentoollog1","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-hypervisor-4.11-amd64","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-hypervisor-4.11-arm64","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-hypervisor-4.11-armhf","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-hypervisor-4.9-amd64","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-hypervisor-4.9-arm64","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-hypervisor-4.9-armhf","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-hypervisor-common","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-system-amd64","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-system-arm64","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-system-armhf","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-utils-4.11","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-utils-common","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xenstore-utils","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-25599.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}