VDB
CVE-2020-27674
CVE-2020-27674
PUBLISHED
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.
EPSS 0.07% · 22.3th percentile
Risk Scores
EPSS Score
0.07%
22.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | xen | 0, 4.5.1-0ubuntu1, 4.6.0-1ubuntu1 |
| Ubuntu:20.04:LTS | xen | 4.11.3+24-g14b62ab3e5-1ubuntu2.3, 4.9.2-0ubuntu7, 4.11.3+24-g14b62ab3e5-1ubuntu1 |
| Ubuntu:18.04:LTS | xen | 4.9.0-0ubuntu3, 4.9.0-0ubuntu4, 4.9.2-0ubuntu1 |
Exploit Intelligence
- https://xenbits.xen.org/xsa/advisory-286.html (circl)
- GLSA-202011-06 (circl)
- FEDORA-2020-5398bfb466 (circl)
- FEDORA-2020-ec84c1565b (circl)
- FEDORA-2020-6dd36a716c (circl)
- DSA-4804 (circl)
- [oss-security] 20210119 Xen Security Advisory 286 v6 (CVE-2020-27674) - x86 PV guest INVLPG-like flushes may leave stale TLB entries (circl)
Timeline
- Oct 22, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-27674 third-party-advisory
- https://xenbits.xen.org/xsa/advisory-286.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-27674 third-party-advisory