CVE-2020-29040

Published: 24/11/2020 Updated: 26/04/2022
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 8.8 | Impact Score: 6 | Exploitability Score: 2
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in Xen up to and including 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671.

Vulnerable Product

xen xen

Vendor Advisories

Debian Bug report logs - #976109 xen: CVE-2020-29040. Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 29 Nov 2020 19:54:01 UTC; Severity: grave; Tags: security, upstream; Found in version xen/4.14.0+80-g ...

A security issue has been identified that may allow privileged code running in a guest VM to compromise the host. This issue is limited to only those guest VMs where the host administrator has explicitly assigned a PCI passthrough device to the guest VM. The issue has the following identifier: ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Xen Security Advisory CVE-2020-29040 / XSA-355
version 3

stack corruption from XSA-346 change

UPDATES IN VERSION 3
====================

CVE assigned

ISSUE DESCRIPTION
=================

One of the two changes for XSA-346 introduced an on ...