CVE-2020-27674 Information
Feb 14, 2021
cve
Description
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Reference
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZAM3LYJ5TZLSSNL3KXFILM46QKVTOUA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3U4LNKKXU4UP4Z5XP6TMIWSML3QODPE/
https://security.gentoo.org/glsa/202011-06
https://xenbits.xen.org/xsa/advisory-286.html
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
Base Score
5.3
Base Severity
MEDIUM