How severe is CVE-2020-25598?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2020-25598?

This is classified as CWE-670, which is a common weakness in software security.

CVE-2020-25598

MEDIUM Year: 2020

CVSS v3 Score

5.5

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-670

View all →

Vulnerability Description

An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. This causes subsequent administration operations, (e.g., CPU offline) to livelock, resulting in a host Denial of Service. The buggy codepath has been present since Xen 4.12. Xen 4.14 and later are vulnerable to the DoS. The side effects are believed to be benign on Xen 4.12 and 4.13, but patches are provided nevertheless. The vulnerability can generally only be exploited by x86 HVM VMs, as these are generally the only type of VM that have a Qemu stubdomain. x86 PV and PVH domains, as well as ARM VMs, typically don't use a stubdomain. Only VMs using HVM stubdomains can exploit the vulnerability. VMs using PV stubdomains, or with emulators running in dom0, cannot exploit the vulnerability.

CVE-2021-32684

MEDIUM

CVSS:5.5(Medium)

magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the fun...

CWE-6702021

CVE-2024-0313

MEDIUM

CVSS:5.5(Medium)

A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. On the contrary, if the victim is legitimately using the temporary bypass ...

CWE-6702024

CVE-2024-47763

MEDIUM

CVSS:5.5(Medium)

Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The run...

CWE-6702024

CVE-2024-53134

MEDIUM

CVSS:5.5(Medium)

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx93-blk-ctrl: correct remove path The check condition should be 'i < bc->onecell_data.num_domains', not 'bc->onecell_dat...

CWE-6702024

CVE-2024-35195

MEDIUM

CVSS:5.6(Medium)

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests t...

CWE-6702024

CVE-2020-35477

MEDIUM

CVSS:5.3(Medium)

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggle...

CWE-6702020

CVE-2020-25598

Vulnerability Description

Related Vulnerabilities

CVE-2021-32684

CVE-2024-0313

CVE-2024-47763

CVE-2024-53134

CVE-2024-35195

CVE-2020-35477