CVE-2020-29482

CVE-2020-29482

Name

CVE-2020-29482

Description

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily using absolute paths. oxenstored imposes a pathname limit that is applied solely to the relative or absolute path specified by the client. Therefore, a guest can create paths in its own namespace which are too long for management tools to access. Depending on the toolstack in use, a malicious guest administrator might cause some management tools and debugging operations to fail. For example, a guest administrator can cause "xenstore-ls -r" to fail. However, a guest administrator cannot prevent the host administrator from tearing down the domain. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://xenbits.xenproject.org/xsa/advisory-323.html
Third Party Advisory	https://www.debian.org/security/2020/dsa-4812
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/

Type

URI

Patch

https://xenbits.xenproject.org/xsa/advisory-323.html

Third Party Advisory

https://www.debian.org/security/2020/dsa-4812

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:xen:xen::::::::`	xen	>= None	<= 4.14.0

CPE URI

Source package

Min version

Max version

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

xen

>= None

<= 4.14.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
xen	edge-main	4.14.1-r0	None	fixed
xen	edge-main	4.14.0-r3	None	possibly vulnerable
xen	edge-main	4.14.0-r2	None	possibly vulnerable
xen	edge-main	4.14.0-r1	None	possibly vulnerable
xen	edge-main	4.13.1-r5	None	possibly vulnerable
xen	edge-main	4.13.1-r4	None	possibly vulnerable
xen	edge-main	4.13.1-r3	None	possibly vulnerable
xen	edge-main	4.13.1-r0	None	possibly vulnerable
xen	edge-main	4.13.0-r3	None	possibly vulnerable
xen	edge-main	4.13.0-r0	None	possibly vulnerable
xen	edge-main	4.12.1-r0	None	possibly vulnerable
xen	edge-main	4.12.0-r2	None	possibly vulnerable
xen	edge-main	4.11.1-r0	None	possibly vulnerable
xen	edge-main	4.11.0-r0	None	possibly vulnerable
xen	edge-main	4.10.1-r1	None	possibly vulnerable
xen	edge-main	4.10.1-r0	None	possibly vulnerable
xen	edge-main	4.10.0-r2	None	possibly vulnerable
xen	edge-main	4.10.0-r1	None	possibly vulnerable
xen	edge-main	4.10-1-r1	None	possibly vulnerable
xen	edge-main	4.9.1-r1	None	possibly vulnerable
xen	edge-main	4.9.0-r7	None	possibly vulnerable
xen	edge-main	4.9.0-r6	None	possibly vulnerable
xen	edge-main	4.9.0-r5	None	possibly vulnerable
xen	edge-main	4.9.0-r4	None	possibly vulnerable
xen	edge-main	4.9.0-r2	None	possibly vulnerable
xen	edge-main	4.9.0-r1	None	possibly vulnerable
xen	edge-main	4.9.0-r0	None	possibly vulnerable
xen	edge-main	4.8.1-r2	None	possibly vulnerable
xen	edge-main	4.7.2-r0	None	possibly vulnerable
xen	edge-main	4.7.1-r5	None	possibly vulnerable
xen	edge-main	4.7.1-r4	None	possibly vulnerable
xen	edge-main	4.7.1-r3	None	possibly vulnerable
xen	edge-main	4.7.1-r1	None	possibly vulnerable
xen	edge-main	4.7.0-r5	None	possibly vulnerable
xen	edge-main	4.7.0-r1	None	possibly vulnerable
xen	edge-main	4.7.0-r0	None	possibly vulnerable
xen	3.22-main	4.14.1-r0	None	fixed
xen	3.22-main	4.14.0-r3	None	possibly vulnerable
xen	3.22-main	4.14.0-r2	None	possibly vulnerable
xen	3.22-main	4.14.0-r1	None	possibly vulnerable
xen	3.22-main	4.13.1-r5	None	possibly vulnerable
xen	3.22-main	4.13.1-r4	None	possibly vulnerable
xen	3.22-main	4.13.1-r3	None	possibly vulnerable
xen	3.22-main	4.13.1-r0	None	possibly vulnerable
xen	3.22-main	4.13.0-r3	None	possibly vulnerable
xen	3.22-main	4.13.0-r0	None	possibly vulnerable
xen	3.22-main	4.12.1-r0	None	possibly vulnerable
xen	3.22-main	4.12.0-r2	None	possibly vulnerable
xen	3.22-main	4.11.1-r0	None	possibly vulnerable
xen	3.22-main	4.11.0-r0	None	possibly vulnerable
xen	3.22-main	4.10.1-r1	None	possibly vulnerable
xen	3.22-main	4.10.1-r0	None	possibly vulnerable
xen	3.22-main	4.10.0-r2	None	possibly vulnerable
xen	3.22-main	4.10.0-r1	None	possibly vulnerable
xen	3.22-main	4.9.1-r1	None	possibly vulnerable
xen	3.22-main	4.9.0-r7	None	possibly vulnerable
xen	3.22-main	4.9.0-r6	None	possibly vulnerable
xen	3.22-main	4.9.0-r5	None	possibly vulnerable
xen	3.22-main	4.9.0-r4	None	possibly vulnerable
xen	3.22-main	4.9.0-r2	None	possibly vulnerable
xen	3.22-main	4.9.0-r1	None	possibly vulnerable
xen	3.22-main	4.9.0-r0	None	possibly vulnerable
xen	3.22-main	4.8.1-r2	None	possibly vulnerable
xen	3.22-main	4.7.2-r0	None	possibly vulnerable
xen	3.22-main	4.7.1-r5	None	possibly vulnerable
xen	3.22-main	4.7.1-r4	None	possibly vulnerable
xen	3.22-main	4.7.1-r3	None	possibly vulnerable
xen	3.22-main	4.7.1-r1	None	possibly vulnerable
xen	3.22-main	4.7.0-r5	None	possibly vulnerable
xen	3.22-main	4.7.0-r1	None	possibly vulnerable
xen	3.22-main	4.7.0-r0	None	possibly vulnerable
xen	3.21-main	4.14.1-r0	None	fixed
xen	3.21-main	4.14.0-r3	None	possibly vulnerable
xen	3.21-main	4.14.0-r2	None	possibly vulnerable
xen	3.21-main	4.14.0-r1	None	possibly vulnerable
xen	3.21-main	4.13.1-r5	None	possibly vulnerable
xen	3.21-main	4.13.1-r4	None	possibly vulnerable
xen	3.21-main	4.13.1-r3	None	possibly vulnerable
xen	3.21-main	4.13.1-r0	None	possibly vulnerable
xen	3.21-main	4.13.0-r3	None	possibly vulnerable
xen	3.21-main	4.13.0-r0	None	possibly vulnerable
xen	3.21-main	4.12.1-r0	None	possibly vulnerable
xen	3.21-main	4.12.0-r2	None	possibly vulnerable
xen	3.21-main	4.11.1-r0	None	possibly vulnerable
xen	3.21-main	4.11.0-r0	None	possibly vulnerable
xen	3.21-main	4.10.1-r1	None	possibly vulnerable
xen	3.21-main	4.10.1-r0	None	possibly vulnerable
xen	3.21-main	4.10.0-r2	None	possibly vulnerable
xen	3.21-main	4.10.0-r1	None	possibly vulnerable
xen	3.21-main	4.9.1-r1	None	possibly vulnerable
xen	3.21-main	4.9.0-r7	None	possibly vulnerable
xen	3.21-main	4.9.0-r6	None	possibly vulnerable
xen	3.21-main	4.9.0-r5	None	possibly vulnerable
xen	3.21-main	4.9.0-r4	None	possibly vulnerable
xen	3.21-main	4.9.0-r2	None	possibly vulnerable
xen	3.21-main	4.9.0-r1	None	possibly vulnerable
xen	3.21-main	4.9.0-r0	None	possibly vulnerable
xen	3.21-main	4.8.1-r2	None	possibly vulnerable
xen	3.21-main	4.7.2-r0	None	possibly vulnerable
xen	3.21-main	4.7.1-r5	None	possibly vulnerable
xen	3.21-main	4.7.1-r4	None	possibly vulnerable
xen	3.21-main	4.7.1-r3	None	possibly vulnerable
xen	3.21-main	4.7.1-r1	None	possibly vulnerable
xen	3.21-main	4.7.0-r5	None	possibly vulnerable
xen	3.21-main	4.7.0-r1	None	possibly vulnerable
xen	3.21-main	4.7.0-r0	None	possibly vulnerable
xen	3.20-main	4.14.1-r0	None	fixed
xen	3.20-main	4.14.0-r3	None	possibly vulnerable
xen	3.20-main	4.14.0-r2	None	possibly vulnerable
xen	3.20-main	4.14.0-r1	None	possibly vulnerable
xen	3.20-main	4.13.1-r5	None	possibly vulnerable
xen	3.20-main	4.13.1-r4	None	possibly vulnerable
xen	3.20-main	4.13.1-r3	None	possibly vulnerable
xen	3.20-main	4.13.1-r0	None	possibly vulnerable
xen	3.20-main	4.13.0-r3	None	possibly vulnerable
xen	3.20-main	4.13.0-r0	None	possibly vulnerable
xen	3.20-main	4.12.1-r0	None	possibly vulnerable
xen	3.20-main	4.12.0-r2	None	possibly vulnerable
xen	3.20-main	4.11.1-r0	None	possibly vulnerable
xen	3.20-main	4.11.0-r0	None	possibly vulnerable
xen	3.20-main	4.10.1-r1	None	possibly vulnerable
xen	3.20-main	4.10.1-r0	None	possibly vulnerable
xen	3.20-main	4.10.0-r2	None	possibly vulnerable
xen	3.20-main	4.10.0-r1	None	possibly vulnerable
xen	3.20-main	4.9.1-r1	None	possibly vulnerable
xen	3.20-main	4.9.0-r7	None	possibly vulnerable
xen	3.20-main	4.9.0-r6	None	possibly vulnerable
xen	3.20-main	4.9.0-r5	None	possibly vulnerable
xen	3.20-main	4.9.0-r4	None	possibly vulnerable
xen	3.20-main	4.9.0-r2	None	possibly vulnerable
xen	3.20-main	4.9.0-r1	None	possibly vulnerable
xen	3.20-main	4.9.0-r0	None	possibly vulnerable
xen	3.20-main	4.8.1-r2	None	possibly vulnerable
xen	3.20-main	4.7.2-r0	None	possibly vulnerable
xen	3.20-main	4.7.1-r5	None	possibly vulnerable
xen	3.20-main	4.7.1-r4	None	possibly vulnerable
xen	3.20-main	4.7.1-r3	None	possibly vulnerable
xen	3.20-main	4.7.1-r1	None	possibly vulnerable
xen	3.20-main	4.7.0-r5	None	possibly vulnerable
xen	3.20-main	4.7.0-r1	None	possibly vulnerable
xen	3.20-main	4.7.0-r0	None	possibly vulnerable
xen	3.19-main	4.14.1-r0	None	fixed
xen	3.19-main	4.14.0-r3	None	possibly vulnerable
xen	3.19-main	4.14.0-r2	None	possibly vulnerable
xen	3.19-main	4.14.0-r1	None	possibly vulnerable
xen	3.19-main	4.13.1-r5	None	possibly vulnerable
xen	3.19-main	4.13.1-r4	None	possibly vulnerable
xen	3.19-main	4.13.1-r3	None	possibly vulnerable
xen	3.19-main	4.13.1-r0	None	possibly vulnerable
xen	3.19-main	4.13.0-r3	None	possibly vulnerable
xen	3.19-main	4.13.0-r0	None	possibly vulnerable
xen	3.19-main	4.12.1-r0	None	possibly vulnerable
xen	3.19-main	4.12.0-r2	None	possibly vulnerable
xen	3.19-main	4.11.1-r0	None	possibly vulnerable
xen	3.19-main	4.11.0-r0	None	possibly vulnerable
xen	3.19-main	4.10.1-r1	None	possibly vulnerable
xen	3.19-main	4.10.1-r0	None	possibly vulnerable
xen	3.19-main	4.10.0-r2	None	possibly vulnerable
xen	3.19-main	4.10.0-r1	None	possibly vulnerable
xen	3.19-main	4.9.1-r1	None	possibly vulnerable
xen	3.19-main	4.9.0-r7	None	possibly vulnerable
xen	3.19-main	4.9.0-r6	None	possibly vulnerable
xen	3.19-main	4.9.0-r5	None	possibly vulnerable
xen	3.19-main	4.9.0-r4	None	possibly vulnerable
xen	3.19-main	4.9.0-r2	None	possibly vulnerable
xen	3.19-main	4.9.0-r1	None	possibly vulnerable
xen	3.19-main	4.9.0-r0	None	possibly vulnerable
xen	3.19-main	4.8.1-r2	None	possibly vulnerable
xen	3.19-main	4.7.2-r0	None	possibly vulnerable
xen	3.19-main	4.7.1-r5	None	possibly vulnerable
xen	3.19-main	4.7.1-r4	None	possibly vulnerable
xen	3.19-main	4.7.1-r3	None	possibly vulnerable
xen	3.19-main	4.7.1-r1	None	possibly vulnerable
xen	3.19-main	4.7.0-r5	None	possibly vulnerable
xen	3.19-main	4.7.0-r1	None	possibly vulnerable
xen	3.19-main	4.7.0-r0	None	possibly vulnerable
xen	3.18-main	4.14.1-r0	None	fixed
xen	3.17-main	4.14.1-r0	None	fixed
xen	3.12-main	4.13.4-r3	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.12-main	4.13.4-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.12-main	4.13.4-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.12-main	4.13.4-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.12-main	4.13.3-r3	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.12-main	4.13.3-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.12-main	4.13.3-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.12-main	4.13.3-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.12-main	4.13.2-r3	None	fixed
xen	3.11-main	4.13.4-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.11-main	4.13.4-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.11-main	4.13.3-r3	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.11-main	4.13.3-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.11-main	4.13.3-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.11-main	4.13.3-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.11-main	4.13.2-r3	None	fixed
xen	3.10-main	4.12.4-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages