SB2020102974 - Fedora 31 update for xen

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020102974

SB2020102974 - Fedora 31 update for xen

Published: October 29, 2020 Updated: April 25, 2025

Security Bulletin ID SB2020102974
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Medium 25% Low 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2020-27674)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local authenticated user to read and manipulate data.

An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.


2) Insufficient verification of data authenticity (CVE-ID: CVE-2020-27670)

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear


The vulnerability allows a local authenticated user to execute arbitrary code.

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.


3) Improper Privilege Management (CVE-ID: CVE-2020-27671)

CWE-ID: CWE-269 - Improper Privilege Management

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management within the IOMMU TLB implementation. A local user on a guest OS can escalate privileges on the system by running a specially crafted application.


4) Race condition (CVE-ID: CVE-2020-27672)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local authenticated user to execute arbitrary code.

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.


Remediation

Install update from vendor's website.

References