DEBIAN-CVE-2020-11743
- Source
- https://security-tracker.debian.org/tracker/CVE-2020-11743
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2020-11743.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2020-11743
- Upstream
- Published
- 2020-04-14T13:15:12Z
- Modified
- 2025-09-25T02:08:34.626046Z
- Summary
- [none]
- Details
-
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOPmapgrant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.
- References
Affected packages
Debian:11 / xen
Package
- Name
- xen
- Purl
- pkg:deb/debian/xen?arch=source
Debian:12 / xen
Package
- Name
- xen
- Purl
- pkg:deb/debian/xen?arch=source
Debian:13 / xen
Package
- Name
- xen
- Purl
- pkg:deb/debian/xen?arch=source
Debian:14 / xen
Package
- Name
- xen
- Purl
- pkg:deb/debian/xen?arch=source