QwikSec

Security Database

CVE

CWE

Training

CVE-2020-15852

Published: Jul 20, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://xenbits.xen.org/xsa/advisory-329.html

x_refsource_MISC

https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2

x_refsource_MISC

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2

x_refsource_MISC

[oss-security] 20200721 Xen Security Advisory 329 v3 (CVE-2020-15852) - Linux ioperm bitmap context switching issues

mailing-list

x_refsource_MLIST

https://security.netapp.com/advisory/ntap-20200810-0001/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.