QwikSec

Security Database

CVE

CWE

Training

CVE-2020-11743

Published: Apr 14, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://xenbits.xen.org/xsa/advisory-316.html

x_refsource_MISC

http://xenbits.xen.org/xsa/advisory-316.html

x_refsource_CONFIRM

[oss-security] 20200414 Xen Security Advisory 316 v3 (CVE-2020-11743) - Bad error path in GNTTABOP_map_grant

mailing-list

x_refsource_MLIST

FEDORA-2020-440457afe4

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-295ed0b1e0

vendor-advisory

x_refsource_FEDORA

openSUSE-SU-2020:0599

vendor-advisory

x_refsource_SUSE

FEDORA-2020-cbc3149753

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.