{"id":"USN-5617-1","summary":"xen vulnerabilities","details":"It was discovered that memory contents previously stored in\nmicroarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY\nread operations on Intel client and Xeon E3 processors may be briefly\nexposed to processes on the same or different processor cores. A local\nattacker could use this to expose sensitive information. (CVE-2020-0543)\n\nJulien Grall discovered that Xen incorrectly handled memory barriers on\nARM-based systems. An attacker could possibly use this issue to cause a\ndenial of service, obtain sensitive information or escalate privileges.\n(CVE-2020-11739)\n\nIlja Van Sprundel discovered that Xen incorrectly handled profiling of\nguests. An unprivileged attacker could use this issue to obtain sensitive\ninformation from other guests, cause a denial of service or possibly gain\nprivileges. (CVE-2020-11740, CVE-2020-11741)\n\nIt was discovered that Xen incorrectly handled grant tables. A malicious\nguest could possibly use this issue to cause a denial of service.\n(CVE-2020-11742, CVE-2020-11743)\n\nJan Beulich discovered that Xen incorrectly handled certain code paths. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2020-15563)\n\nJulien Grall discovered that Xen incorrectly verified memory addresses\nprovided by the guest on ARM-based systems. A malicious guest administrator\ncould possibly use this issue to cause a denial of service. (CVE-2020-15564)\n\nRoger Pau Monné discovered that Xen incorrectly handled caching on x86 Intel\nsystems. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2020-15565)\n\nIt was discovered that Xen incorrectly handled error in event-channel port\nallocation. A malicious guest could possibly use this issue to cause a\ndenial of service. (CVE-2020-15566)\n\nJan Beulich discovered that Xen incorrectly handled certain EPT (Extended\nPage Tables).  An attacker could possibly use this issue to cause a denial\nof service, data corruption or privilege escalation. (CVE-2020-15567)\n\nAndrew Cooper discovered that Xen incorrectly handled PCI passthrough.\nAn attacker could possibly use this issue to cause a denial of service.\n(CVE-2020-25595)\n\nAndrew Cooper discovered that Xen incorrectly sanitized path injections.\nAn attacker could possibly use this issue to cause a denial of service.\n(CVE-2020-25596)\n\nJan Beulich discovered that Xen incorrectly handled validation of event\nchannels. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2020-25597)\n\nJulien Grall and Jan Beulich discovered that Xen incorrectly handled\nresetting event channels. An attacker could possibly use this issue to\ncause a denial of service or obtain sensitive information. (CVE-2020-25599)\n\nJulien Grall discovered that Xen incorrectly handled event channels\nmemory allocation on 32-bits domains. An attacker could possibly use this\nissue to cause a denial of service. (CVE-2020-25600)\n\nJan Beulich discovered that Xen incorrectly handled resetting or cleaning\nup event channels. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2020-25601)\n\nAndrew Cooper discovered that Xen incorrectly handled certain Intel\nspecific MSR (Model Specific Registers). An attacker could possibly use\nthis issue to cause a denial of service. (CVE-2020-25602)\n\nJulien Grall discovered that Xen incorrectly handled accessing/allocating\nevent channels. An attacker could possibly use this issue to cause a\ndenial of service, obtain sensitive information of privilege escalation.\n(CVE-2020-25603)\n\nIgor Druzhinin discovered that Xen incorrectly handled locks. An attacker\ncould possibly use this issue to cause a denial of service. (CVE-2020-25604)\n","modified":"2026-02-10T04:42:46Z","published":"2022-09-19T16:56:10Z","related":["UBUNTU-CVE-2020-0543","UBUNTU-CVE-2020-11739","UBUNTU-CVE-2020-11740","UBUNTU-CVE-2020-11741","UBUNTU-CVE-2020-11742","UBUNTU-CVE-2020-11743","UBUNTU-CVE-2020-15563","UBUNTU-CVE-2020-15564","UBUNTU-CVE-2020-15565","UBUNTU-CVE-2020-15566","UBUNTU-CVE-2020-15567","UBUNTU-CVE-2020-25595","UBUNTU-CVE-2020-25596","UBUNTU-CVE-2020-25597","UBUNTU-CVE-2020-25599","UBUNTU-CVE-2020-25600","UBUNTU-CVE-2020-25601","UBUNTU-CVE-2020-25602","UBUNTU-CVE-2020-25603","UBUNTU-CVE-2020-25604"],"upstream":["CVE-2020-0543","CVE-2020-11739","CVE-2020-11740","CVE-2020-11741","CVE-2020-11742","CVE-2020-11743","CVE-2020-15563","CVE-2020-15564","CVE-2020-15565","CVE-2020-15566","CVE-2020-15567","CVE-2020-25595","CVE-2020-25596","CVE-2020-25597","CVE-2020-25599","CVE-2020-25600","CVE-2020-25601","CVE-2020-25602","CVE-2020-25603","CVE-2020-25604","UBUNTU-CVE-2020-0543","UBUNTU-CVE-2020-11739","UBUNTU-CVE-2020-11740","UBUNTU-CVE-2020-11741","UBUNTU-CVE-2020-11742","UBUNTU-CVE-2020-11743","UBUNTU-CVE-2020-15563","UBUNTU-CVE-2020-15564","UBUNTU-CVE-2020-15565","UBUNTU-CVE-2020-15566","UBUNTU-CVE-2020-15567","UBUNTU-CVE-2020-25595","UBUNTU-CVE-2020-25596","UBUNTU-CVE-2020-25597","UBUNTU-CVE-2020-25599","UBUNTU-CVE-2020-25600","UBUNTU-CVE-2020-25601","UBUNTU-CVE-2020-25602","UBUNTU-CVE-2020-25603","UBUNTU-CVE-2020-25604"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5617-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-0543"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-11739"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-11740"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-11741"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-11742"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-11743"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-15563"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-15564"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-15565"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-15566"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-15567"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25595"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25596"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25597"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25599"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25600"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25601"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25602"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25603"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25604"}],"affected":[{"package":{"name":"xen","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/xen@4.11.3+24-g14b62ab3e5-1ubuntu2.3?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"}]}],"versions":["4.9.2-0ubuntu2","4.9.2-0ubuntu6","4.9.2-0ubuntu7","4.11.3+24-g14b62ab3e5-1ubuntu1","4.11.3+24-g14b62ab3e5-1ubuntu2","4.11.3+24-g14b62ab3e5-1ubuntu2.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxen-dev"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxencall1"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxendevicemodel1"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxenevtchn1"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxenforeignmemory1"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxengnttab1"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxenmisc4.11"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxenstore3.0"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxentoolcore1"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"libxentoollog1"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-hypervisor-4.11-amd64"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-hypervisor-4.11-arm64"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-hypervisor-4.11-armhf"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-hypervisor-4.9-amd64"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-hypervisor-4.9-arm64"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-hypervisor-4.9-armhf"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-hypervisor-common"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-system-amd64"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-system-arm64"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-system-armhf"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-utils-4.11"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xen-utils-common"},{"binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3","binary_name":"xenstore-utils"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-0543"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-11739"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-11740"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-11741"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-11742"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-11743"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-15563"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-15564"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-15565"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-15566"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-15567"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25595"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25596"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25597"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25599"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25600"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25601"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25602"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25603"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25604"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5617-1.json"}}],"schema_version":"1.7.3"}