{ "threat_severity" : "Moderate", "public_date" : "2020-04-14T00:00:00Z", "bugzilla" : { "description" : "xen: bad error path in GNTTABOP_map_grant (XSA-316)", "id" : "1823925", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1823925" }, "cvss3" : { "cvss3_base_score" : "5.9", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "status" : "draft" }, "cwe" : "CWE-393", "details" : [ "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.", "A flaw was found in Xen through versions 4.13.x. Grant table operations are expected to return 0 for success and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialized state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path which will crash a Linux based dom0 or backend domain. The highest threat from this vulnerability is to data confidentiality." ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel-xen", "cpe" : "cpe:/o:redhat:enterprise_linux:5" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-11743\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11743" ], "name" : "CVE-2020-11743", "csaw" : false }