CVE-2020-27672

NameCVE-2020-27672
DescriptionAn issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)stretch (security), stretch4.8.5.final+shim4.10.4-1+deb9u12vulnerable
buster4.11.4+24-gddaaccbbab-1~deb10u1vulnerable
buster (security)4.11.4+37-g3263f257ca-1vulnerable
bullseye4.11.4+24-gddaaccbbab-1vulnerable
sid4.14.0+80-gd101b417b7-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensourcestretch(unfixed)end-of-life
xensource(unstable)4.14.0+80-gd101b417b7-1

Notes

[stretch] - xen <end-of-life> (DSA 4602-1)
https://xenbits.xen.org/xsa/advisory-345.html

Search for package or bug name: Reporting problems