Lucene search

MitreCVE-2020-27672

HistoryOct 22, 2020 - 9:15 p.m.

CVE-2020-27672

2020-10-2221:15:13

CWE-362

CWE-416

mitre

web.nvd.nist.gov

146

xen

cve-2020-27672

x86

guest os

host os

denial of service

data corruption

privilege escalation

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

14.2%

JSON

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.

Affected configurations

Nvd

Node

xenxenRange3.2.0–4.14.0x86

Node

fedoraprojectfedoraMatch31

Node

opensuseleapMatch15.1

opensuseleapMatch15.2

Node

debiandebian_linuxMatch10.0

VendorProductVersionCPE
xenxen*cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*
fedoraprojectfedora31cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
opensuseleap15.1cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
opensuseleap15.2cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xen	xen	*	cpe:2.3:o:xen:xen:::::::x86:*
fedoraproject	fedora	31	cpe:2.3:o:fedoraproject:fedora:31:::::::*
opensuse	leap	15.1	cpe:2.3:o:opensuse:leap:15.1:::::::*
opensuse	leap	15.2	cpe:2.3:o:opensuse:leap:15.2:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*