CVE-2020-27674 : An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying ke

An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.

Published 2020-10-22 21:15:14

Updated 2022-04-26 16:29:46

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Exploit prediction scoring system (EPSS) score for CVE-2020-27674

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 15 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-27674

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
5.3	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	1.8	3.4	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low

CWE ids for CVE-2020-27674

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-27674

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3U4LNKKXU4UP4Z5XP6TMIWSML3QODPE/

[SECURITY] Fedora 32 Update: xen-4.13.2-1.fc32 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/01/19/5

oss-security - Xen Security Advisory 286 v6 (CVE-2020-27674) - x86 PV guest INVLPG-like flushes may leave stale TLB entries
Mailing List;Third Party Advisory
https://www.debian.org/security/2020/dsa-4804

Debian -- Security Information -- DSA-4804-1 xen
Third Party Advisory

CVEs referencing this url
https://xenbits.xen.org/xsa/advisory-286.html

XSA-286 - Xen Security Advisories
Patch;Vendor Advisory
https://security.gentoo.org/glsa/202011-06

Xen: Multiple vulnerabilities (GLSA 202011-06) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2/

[SECURITY] Fedora 31 Update: xen-4.12.3-8.fc31 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZAM3LYJ5TZLSSNL3KXFILM46QKVTOUA/

[SECURITY] Fedora 33 Update: xen-4.14.0-9.fc33 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

Products affected by CVE-2020-27674

Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
XEN » XEN » For X86
Versions up to, including, (<=) 4.14.0
cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*
Matching versions
Fedoraproject » Fedora » Version: 31
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 32
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 33
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2020-27674

Exploit prediction scoring system (EPSS) score for CVE-2020-27674

CVSS scores for CVE-2020-27674

CWE ids for CVE-2020-27674

References for CVE-2020-27674

Products affected by CVE-2020-27674