DEBIAN-CVE-2020-15564

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2020-15564

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2020-15564.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2020-15564

Upstream

CVE-2020-15564

Published

2020-07-07T13:15:10Z

Modified

2025-09-19T06:06:20Z

Summary

[none]

Details

An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOPregistervcpuinfo. The hypercall VCPUOPregistervcpuinfo is used by a guest to register a shared region with the hypervisor. The region will be mapped into Xen address space so it can be directly accessed. On Arm, the region is accessed with instructions that require a specific alignment. Unfortunately, there is no check that the address provided by the guest will be correctly aligned. As a result, a malicious guest could cause a hypervisor crash by passing a misaligned address. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). All Xen versions are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected.

References

https://security-tracker.debian.org/tracker/CVE-2020-15564

Affected packages

Debian:11 / xen

Package

Name: xen
Purl: pkg:deb/debian/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.11.4+24-gddaaccbbab-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / xen

Package

Name: xen
Purl: pkg:deb/debian/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.11.4+24-gddaaccbbab-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / xen

Package

Name: xen
Purl: pkg:deb/debian/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.11.4+24-gddaaccbbab-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / xen

Package

Name: xen
Purl: pkg:deb/debian/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.11.4+24-gddaaccbbab-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}