CVE-2020-25604

CVE-2020-25604 is a medium-severity vulnerability in Xen with a CVSS 3.x base score of 4.7. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-362.

Key facts

Description

An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability.

Frequently asked questions

What is CVE-2020-25604?
An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability.
How severe is CVE-2020-25604?
CVE-2020-25604 has a CVSS 3.x base score of 4.7, rated medium severity. It is exploitable over local access with high attack complexity, requires low privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
Is CVE-2020-25604 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (17th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2020-25604?
CVE-2020-25604 primarily affects Xen. In total, 6 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2020-25604?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2020-25604 published?
CVE-2020-25604 was published on 2020-09-23 and last updated on 2026-06-17.

References

Affected products (6)

More vulnerabilities in Xen

All CVEs affecting Xen →

Other CWE-362 (Race Condition) vulnerabilities

Browse all CWE-362 (Race Condition) vulnerabilities →