CVE-2020-27674

An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.

Published: Oct 22, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-27674
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
xen / xen	-	4.14.0.x
fedoraproject / fedora	31	31.x
fedoraproject / fedora	32	32.x
fedoraproject / fedora	33	33.x
debian / debian_linux	10.0	10.0.x

http://www.openwall.com/lists/oss-security/2021/01/19/5
https://lists.fedoraproject.org/archives/list/[email protected]/message/PZAM3LYJ5TZLSSNL3KXFILM46QKVTOUA/
https://lists.fedoraproject.org/archives/list/[email protected]/message/U3U4LNKKXU4UP4Z5XP6TMIWSML3QODPE/
https://lists.fedoraproject.org/archives/list/[email protected]/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZAM3LYJ5TZLSSNL3KXFILM46QKVTOUA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3U4LNKKXU4UP4Z5XP6TMIWSML3QODPE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2/
https://security.gentoo.org/glsa/202011-06
https://www.debian.org/security/2020/dsa-4804
https://xenbits.xen.org/xsa/advisory-286.html

Vulnerability Database

289,782

CVE-2020-27674