Vulnerability CVE-2020-27674

Vulnerability Name:

CVE-2020-27674 (CCN-190234)

Assigned:

2020-10-20

Published:

2020-10-20

Updated:

2022-04-26

Summary:

An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.

CVSS v3 Severity:

5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-787

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2020-27674

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20210119 Xen Security Advisory 286 v6 (CVE-2020-27674) - x86 PV guest INVLPG-like flushes may leave stale TLB entries

Source: CCN
Type: Xen Security Advisory XSA-286
x86 PV guest INVLPG-like flushes may leave stale TLB entries

Source: XF
Type: UNKNOWN
xen-invlpglike-priv-esc(190234)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-ec84c1565b

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-5398bfb466

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-6dd36a716c

Source: GENTOO
Type: Third Party Advisory
GLSA-202011-06

Source: DEBIAN
Type: Third Party Advisory
DSA-4804

Source: MISC
Type: Patch, Vendor Advisory
https://xenbits.xen.org/xsa/advisory-286.html

Vulnerable Configuration:

Configuration 1:

cpe:/o:xen:xen:*:*:*:*:*:*:x86:* (Version <= 4.14.0)

Configuration 2:

cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:xensource:xen:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7831	P	xen-libs-4.17.0_06-150500.1.10 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7942	P	libkpathsea6-6.3.3-150400.29.15 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7893	P	gnome-autoar-devel-0.4.1-150400.1.10 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:635	P	Security update for rubygem-activesupport-5_1 (Moderate) (in QA)	2022-09-29
oval:org.opensuse.security:def:5325	P	Security update for zlib (Important)	2022-08-18
oval:org.opensuse.security:def:94464	P	(Important)	2022-07-06
oval:org.opensuse.security:def:3352	P	res-signingkeys-3.0.42-52.38.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3225	P	libopus0-1.1-3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3535	P	java-1_8_0-openjdk-1.8.0.222-27.35.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3182	P	libgypsy0-0.9-6.22 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95165	P	xen-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94855	P	xen-libs-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95149	P	redis-6.2.6-150400.1.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:336	P	xen-libs-4.14.1_16-1.6 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:388	P	xen-libs-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:101862	P	Security update for libarchive (Moderate)	2022-03-24
oval:org.opensuse.security:def:113591	P	xen-4.15.1_01-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106977	P	xen-4.15.1_01-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:96709	P	libvorbis-devel-1.3.6-4.3.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96711	P	libwavpack1-5.1.0-4.3.5 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96712	P	libwireshark9-2.4.14-3.25.2 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:1265	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (Important)	2021-09-16
oval:org.opensuse.security:def:63385	P	xen-4.14.1_16-1.6 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101411	P	xen-4.14.1_16-1.6 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2296	P	xen-4.14.1_16-1.6 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101112	P	xen-libs-4.14.1_16-1.6 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101177	P	libXp6-32bit-1.0.3-1.24 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72095	P	xen-libs-4.14.1_16-1.6 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62354	P	xen-libs-4.14.1_16-1.6 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:39594	P	Security update for xen (Important)	2021-01-07
oval:org.opensuse.security:def:44024	P	Security update for xen (Important)	2021-01-07
oval:org.opensuse.security:def:29303	P	Security update for xen (Important)	2020-12-10
oval:org.opensuse.security:def:55779	P	Security update for xen (Important)	2020-12-10
oval:org.opensuse.security:def:82510	P	Security update for xen (Important)	2020-12-10
oval:org.opensuse.security:def:29956	P	Security update for xen (Important)	2020-12-10
oval:org.opensuse.security:def:83163	P	Security update for xen (Important)	2020-12-10
oval:org.opensuse.security:def:54689	P	Security update for xen (Important)	2020-12-10
oval:org.opensuse.security:def:81025	P	Security update for xen (Important)	2020-12-10
oval:org.opensuse.security:def:21352	P	Security update for xen (Important)	2020-12-10
oval:org.opensuse.security:def:51090	P	Security update for xen (Important)	2020-12-10
oval:org.opensuse.security:def:28866	P	Security update for xen (Important)	2020-12-10
oval:org.opensuse.security:def:55126	P	Security update for xen (Important)	2020-12-10
oval:org.opensuse.security:def:82073	P	Security update for xen (Important)	2020-12-10
oval:org.opensuse.security:def:23102	P	Security update for xen (Important)	2020-12-10
oval:org.opensuse.security:def:41031	P	Security update for xen (Important)	2020-12-09
oval:org.opensuse.security:def:45461	P	Security update for xen (Important)	2020-12-09
oval:org.opensuse.security:def:41883	P	Security update for xen (Important)	2020-12-08
oval:org.opensuse.security:def:46313	P	Security update for xen (Important)	2020-12-08
oval:org.opensuse.security:def:87288	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:32005	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:58647	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:89356	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:23482	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:51857	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:85549	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:126674	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:110361	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:56908	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:88082	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:32824	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:59443	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:23869	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:86026	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:127071	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:31085	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:57385	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:88391	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:84078	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:33620	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:59701	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:86469	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:31562	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:57828	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:89098	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:51470	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:84533	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:125502	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:33878	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:10027	P	Security update for xen (Important)	2020-12-04
oval:org.opensuse.security:def:69413	P	Security update for xen (Important)	2020-12-04
oval:org.opensuse.security:def:110902	P	Security update for xen (Important)	2020-12-04
oval:org.opensuse.security:def:8529	P	Security update for xen (Important)	2020-12-04
oval:org.opensuse.security:def:70167	P	Security update for xen (Important)	2020-12-04
oval:org.opensuse.security:def:9273	P	Security update for xen (Important)	2020-12-04
oval:org.opensuse.security:def:104075	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:91121	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:66414	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:108528	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:75482	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:96023	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:104776	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:91776	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:117358	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:66690	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:97385	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:109379	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:75758	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:64271	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:105416	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:73393	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:118475	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:5601	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:68982	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:98086	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:90420	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:64441	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:102713	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:107843	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:73563	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:69031	P	Security update for xen (Important)	2020-12-03
oval:org.opensuse.security:def:98726	P	Security update for xen (Important)	2020-12-03

BACK