What is the vulnerability ID for this issue in Xen?

The vulnerability ID for this issue in Xen is CVE-2020-27670.

What is the severity of CVE-2020-27670?

The severity of CVE-2020-27670 is high with a CVSS score of 7.8.

How can x86 guest OS users exploit CVE-2020-27670?

x86 guest OS users can exploit CVE-2020-27670 to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges.

Which versions of Xen are affected by CVE-2020-27670?

Xen versions through 4.14.x are affected by CVE-2020-27670.

Where can I find more information about CVE-2020-27670?

You can find more information about CVE-2020-27670 at the following references: [Xen Advisory 347](https://xenbits.xen.org/xsa/advisory-347.html), [Debian Security Tracker](https://security-tracker.debian.org/tracker/CVE-2020-27670), [openSUSE Security Announce](http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html).

Vulnerability/
CVE-2020-27670

high

7.8

CWE

345

22/10/2020

7/10/2022

CVE-2020-27670

First published: Thu Oct 22 2020(Updated: )

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
debian/xen		4.11.4+107-gef32c7afa2-1 4.14.6-1 4.14.5+94-ge49571868d-1 4.17.1+2-gb773c48e36-1 4.17.2+55-g0b56bed864-1
Xen Xen	<=4.14.0
openSUSE Leap	=15.1
openSUSE Leap	=15.2
Fedoraproject Fedora	=31
Debian Debian Linux	=10.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this issue in Xen?
The vulnerability ID for this issue in Xen is CVE-2020-27670.
What is the severity of CVE-2020-27670?
The severity of CVE-2020-27670 is high with a CVSS score of 7.8.
How can x86 guest OS users exploit CVE-2020-27670?
x86 guest OS users can exploit CVE-2020-27670 to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges.
Which versions of Xen are affected by CVE-2020-27670?
Xen versions through 4.14.x are affected by CVE-2020-27670.
Where can I find more information about CVE-2020-27670?
You can find more information about CVE-2020-27670 at the following references: [Xen Advisory 347](https://xenbits.xen.org/xsa/advisory-347.html), [Debian Security Tracker](https://security-tracker.debian.org/tracker/CVE-2020-27670), [openSUSE Security Announce](http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html).

collector/security-tracker-debian
collector/nvd-index
agent/references
agent/type
package-manager/debian
vendor/xen
canonical/xen xen
version/xen xen/4.14.0
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.1
version/opensuse leap/15.2
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/31
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.