{"api_version":"1","generated_at":"2026-04-23T03:36:58+00:00","cve":"CVE-2020-25599","urls":{"html":"https://cve.report/CVE-2020-25599","api":"https://cve.report/api/cve/CVE-2020-25599.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-25599","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-25599"},"summary":{"title":"CVE-2020-25599","description":"An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. Host and guest crashes are also possible, leading to a Denial of Service (DoS). Information leaks cannot be ruled out. All Xen versions from 4.5 onwards are vulnerable. Xen versions 4.4 and earlier are not vulnerable.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-09-23 22:15:00","updated_at":"2023-11-07 03:20:00"},"problem_types":["CWE-119","CWE-362"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA633Y3G5KX7MKRN4PFEGM3IVTJMBEOM/","name":"FEDORA-2020-f668e579be","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: xen-4.13.1-6.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202011-06","name":"GLSA-202011-06","refsource":"GENTOO","tags":[],"title":"Xen: Multiple vulnerabilities (GLSA 202011-06) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN/","name":"FEDORA-2020-306b84fd07","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: xen-4.14.0-5.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://xenbits.xen.org/xsa/advisory-343.html","name":"https://xenbits.xen.org/xsa/advisory-343.html","refsource":"MISC","tags":["Patch","Vendor Advisory"],"title":"XSA-343 - Xen Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJZERRBJN6E6STDCHT4JHP4MI6TKBCJE/","name":"FEDORA-2020-d46fe34349","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 31 Update: xen-4.12.3-5.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJZERRBJN6E6STDCHT4JHP4MI6TKBCJE/","name":"FEDORA-2020-d46fe34349","refsource":"","tags":[],"title":"[SECURITY] Fedora 31 Update: xen-4.12.3-5.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DA633Y3G5KX7MKRN4PFEGM3IVTJMBEOM/","name":"FEDORA-2020-f668e579be","refsource":"FEDORA","tags":["Third Party Advisory"],"title":"[SECURITY] Fedora 32 Update: xen-4.13.1-6.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html","name":"openSUSE-SU-2020:1608","refsource":"SUSE","tags":["Third Party Advisory"],"title":"[security-announce] openSUSE-SU-2020:1608-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2020/dsa-4769","name":"DSA-4769","refsource":"DEBIAN","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-4769-1 xen","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN/","name":"FEDORA-2020-306b84fd07","refsource":"FEDORA","tags":["Third Party Advisory"],"title":"[SECURITY] Fedora 33 Update: xen-4.14.0-5.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2020/12/16/5","name":"[oss-security] 20201216 Xen Security Advisory 343 v5 (CVE-2020-25599) - races with evtchn_reset()","refsource":"MLIST","tags":[],"title":"oss-security - Xen Security Advisory 343 v5 (CVE-2020-25599) - races with\n evtchn_reset()","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-25599","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25599","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"25599","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"25599","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"31","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"25599","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"25599","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"25599","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"25599","vulnerable":"1","versionEndIncluding":"4.14.0","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"xen","cpe5":"xen","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-25599","qid":"198943","title":"Ubuntu Security Notification for Xen Vulnerabilities (USN-5617-1)"},{"cve":"CVE-2020-25599","qid":"500792","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2020-25599","qid":"501512","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2020-25599","qid":"504536","title":"Alpine Linux Security Update for xen"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-25599","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. Host and guest crashes are also possible, leading to a Denial of Service (DoS). Information leaks cannot be ruled out. All Xen versions from 4.5 onwards are vulnerable. Xen versions 4.4 and earlier are not vulnerable."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://xenbits.xen.org/xsa/advisory-343.html","refsource":"MISC","name":"https://xenbits.xen.org/xsa/advisory-343.html"},{"refsource":"FEDORA","name":"FEDORA-2020-306b84fd07","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN/"},{"refsource":"FEDORA","name":"FEDORA-2020-f668e579be","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DA633Y3G5KX7MKRN4PFEGM3IVTJMBEOM/"},{"refsource":"DEBIAN","name":"DSA-4769","url":"https://www.debian.org/security/2020/dsa-4769"},{"refsource":"SUSE","name":"openSUSE-SU-2020:1608","url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html"},{"refsource":"FEDORA","name":"FEDORA-2020-d46fe34349","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJZERRBJN6E6STDCHT4JHP4MI6TKBCJE/"},{"refsource":"GENTOO","name":"GLSA-202011-06","url":"https://security.gentoo.org/glsa/202011-06"},{"refsource":"MLIST","name":"[oss-security] 20201216 Xen Security Advisory 343 v5 (CVE-2020-25599) - races with evtchn_reset()","url":"http://www.openwall.com/lists/oss-security/2020/12/16/5"}]}},"nvd":{"publishedDate":"2020-09-23 22:15:00","lastModifiedDate":"2023-11-07 03:20:00","problem_types":["CWE-119","CWE-362"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH"},"exploitabilityScore":1,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.4},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndIncluding":"4.14.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"25599","Ordinal":"187015","Title":"CVE-2020-25599","CVE":"CVE-2020-25599","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"25599","Ordinal":"1","NoteData":"An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. Host and guest crashes are also possible, leading to a Denial of Service (DoS). Information leaks cannot be ruled out. All Xen versions from 4.5 onwards are vulnerable. Xen versions 4.4 and earlier are not vulnerable.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"25599","Ordinal":"2","NoteData":"2020-09-23","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"25599","Ordinal":"3","NoteData":"2020-12-16","Type":"Other","Title":"Modified"}]}}}