Risk High
Patch available YES
Number of vulnerabilities 10
CVE ID CVE-2020-25595
CVE-2020-25596
CVE-2020-25597
CVE-2020-25598
CVE-2020-25599
CVE-2020-25600
CVE-2020-25601
CVE-2020-25602
CVE-2020-25603
CVE-2020-25604
CWE ID CWE-908
CWE-399
CWE-362
CWE-400
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Opensuse

Operating systems & Components /
Operating system
Vendor Novell

Security Advisory

1) Use of uninitialized resource

Risk: Medium

CVSSv3:
7.4 [CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2020-25595

CWE-ID:
CWE-908 – Use of Uninitialized Resource

Exploit availability:
No

Description

The vulnerability allows a remote user to escalate privileges on the host operating system.

The vulnerability exists due to PCI passthrough code reading back untrusted values fromhardware registers in Xen. A remote user on a guest operating system can run a specially crafted program to obtain potentially sensitive information from memory and crash Xen or escalate privileges on the hypervisor.

The vulnerability affects x86 systems with PCI passthrough support.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse:
15.2

CPE

External links

https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

Risk: Medium

CVSSv3:
6.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2020-25597

CWE-ID:
CWE-399 – Resource Management Errors

Exploit availability:
No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due a login error in the handling of event channel operations in Xen, which assumes that an event channel, once valid, will not become invalid over the life time of a guest.An unprivileged guest may be able to crash Xen by resetting of all event channels.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse:
15.2

CPE

External links

https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource management error

Risk: Medium

CVSSv3:
6.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2020-25598

CWE-ID:
CWE-399 – Resource Management Errors

Exploit availability:
No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to missing unlock in XENMEM_acquire_resource error path in Xen. A malicious HVM stubdomain can cause an RCU reference to be leaked.  This causes subsequent administration operations, (e.g. CPU offline) to livelock, resulting in a host denial of service.

The vulnerability only affects VMs using HVM stubdomains.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse:
15.2

CPE

External links

https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource management error

Risk: Medium

CVSSv3:
6.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2020-25600

CWE-ID:
CWE-399 – Resource Management Errors

Exploit availability:
No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to the so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones.  32-bit x86 domains can use only 1023 channels, due to limited space in their shared (between guest and Xen) information structure, whereas all other domains can use up to 4095 in this model.  The recording of the respective limit during domain initialization, however, has occurred at a time where domains are still deemed to be 64-bit ones, prior to actually honoring respective domain properties.  At the point domains get recognized as 32-bit ones, the limit didn’t get updated accordingly.

Due to this misbehavior in Xen, 32-bit domains (including Domain 0) servicing other domains may observe event channel allocations to succeed when they should really fail.  Subsequent use of such event channels would then possibly lead to corruption of other parts of the shared info structure.

As a result, an unprivileged guest may cause another domain, in particular Domain 0, to misbehave, leading to denial of service of the host system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse:
15.2

CPE

External links

https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Resource exhaustion

Risk: Medium

CVSSv3:
6.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2020-25601

CWE-ID:
CWE-400 – Uncontrolled Resource Consumption (‘Resource Exhaustion’)

Exploit availability:
No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The
vulnerability exists due to improper management of internal resources
within the application, as the FIFO event channel model allows guests to
have a large number of event channels active at a time.  Closing all of
these when resetting all event channels or when cleaning up after the
guest may take extended periods of time.  So far there was no
arrangement for preemption at suitable intervals, allowing a CPU to
spend an almost unbounded amount of time in the processing of these
operations. A remote user can consume all available CPU resources and
perform a denial of service (DoS) attack of the entire host system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse:
15.2

CPE

External links

https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource management error

Risk: Medium

CVSSv3:
5.9 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2020-25602

CWE-ID:
CWE-399 – Resource Management Errors

Exploit availability:
No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when processing guest requests to the “MISC_ENABLE MSR” register in Xen. A remote privileged PV guest can run a specially crafted program and crash Xen.

Only non-non-Intel x86 systems are affected.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse:
15.2

CPE

External links

https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Resource management error

Risk: Medium

CVSSv3:
6.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2020-25603

CWE-ID:
CWE-399 – Resource Management Errors

Exploit availability:
No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to event channels control structures can be accessed lockless as long as the port is considered to be valid. Such sequence is missing appropriate memory barrier (e.g smp_*mb()) to prevent both the compiler and CPU to re-order access. A malicious guest may be able to cause a hypervisor crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse:
15.2

CPE

External links

https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



Source link

Is your business effected by Cyber Crime?

If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Contact Digitpol’s hotlines or respond to us online.

Digitpol’s Cyber Crime Investigation Unit provides investigative support to victims of cyber crimes. Digitpol is available 24/7. https://digitpol.com/cybercrime-investigation/

Europe +31558448040
UK +44 20 8089 9944
ASIA +85239733884