CVE-2020-27670
Advisory lineage Upstream: 0 Downstream: 21
Modified
Published: 22 Oct 2020, 20:34
Last modified: 04 Aug 2024, 16:18
Vulnerability Summary
- Overall Risk (default): medium, 31/100
- CVSS Score: 7.8 HIGH, v3.1 (nvd)
- EPSS Score: 0.04% LOW
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 22 Oct 2020, 20:34: Published. Vulnerability first disclosed.
- 04 Aug 2024, 16:18: Last Modified. Vulnerability information updated.
Description
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.
CVSS Metrics
- v3.1 • HIGH • Score: 7.8 • CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
- v2.0 • MEDIUM • Score: 6.9 • AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 0.04% • Percentile: 14%
Techniques & Countermeasures
- CWE-345 • Insufficient Verification of Data Authenticity
  The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Affected Systems
- debian • debian_linux: 10.0
- fedoraproject • fedora: 31
- opensuse • leap: 15.1 | 15.2
- xen • xen: ≤ 4.14.0
References (8)
- http://xenbits.xen.org/xsa/advisory-347.html
- https://xenbits.xen.org/xsa/advisory-347.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html
- https://security.gentoo.org/glsa/202011-06
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2/
- https://www.debian.org/security/2020/dsa-4804
- http://www.openwall.com/lists/oss-security/2021/01/19/9