CVE-2020-27673
Vulnerability from cvelistv5
Published
2020-10-22 20:33
Modified
2024-08-04 16:18
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:18:45.526Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://xenbits.xen.org/xsa/advisory-332.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/e99502f76271d6bc4e374fe368c50c67a1fd3070" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e99502f76271d6bc4e374fe368c50c67a1fd3070" }, { "name": "openSUSE-SU-2020:1783", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html" }, { "name": "openSUSE-SU-2020:1844", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html" }, { "name": "GLSA-202011-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202011-06" }, { "name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html" }, { "name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html" }, { "name": "[oss-security] 20210119 Xen Security Advisory 332 v4 (CVE-2020-27673) - Rogue guests can cause DoS of Dom0 via high frequency events", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/19/6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-19T18:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://xenbits.xen.org/xsa/advisory-332.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/e99502f76271d6bc4e374fe368c50c67a1fd3070" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e99502f76271d6bc4e374fe368c50c67a1fd3070" }, { "name": "openSUSE-SU-2020:1783", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html" }, { "name": "openSUSE-SU-2020:1844", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html" }, { "name": "GLSA-202011-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202011-06" }, { "name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html" }, { "name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html" }, { "name": "[oss-security] 20210119 Xen Security Advisory 332 v4 (CVE-2020-27673) - Rogue guests can cause DoS of Dom0 via high frequency events", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/19/6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-27673", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://xenbits.xen.org/xsa/advisory-332.html", "refsource": "MISC", "url": "https://xenbits.xen.org/xsa/advisory-332.html" }, { "name": "https://github.com/torvalds/linux/commit/e99502f76271d6bc4e374fe368c50c67a1fd3070", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/e99502f76271d6bc4e374fe368c50c67a1fd3070" }, { "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e99502f76271d6bc4e374fe368c50c67a1fd3070", "refsource": "MISC", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e99502f76271d6bc4e374fe368c50c67a1fd3070" }, { "name": "openSUSE-SU-2020:1783", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html" }, { "name": "openSUSE-SU-2020:1844", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html" }, { "name": "GLSA-202011-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202011-06" }, { "name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html" }, { "name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html" }, { "name": "[oss-security] 20210119 Xen Security Advisory 332 v4 (CVE-2020-27673) - Rogue guests can cause DoS of Dom0 via high frequency events", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/01/19/6" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-27673", "datePublished": "2020-10-22T20:33:26", "dateReserved": "2020-10-22T00:00:00", "dateUpdated": "2024-08-04T16:18:45.526Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-27673\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-10-22T21:15:14.013\",\"lastModified\":\"2024-11-21T05:21:38.377\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en el kernel de Linux versiones hasta 5.9.1, como es usado con Xen versiones hasta 4.14.x.\u0026#xa0;Los usuarios del Sistema Operativo invitado pueden causar una denegaci\u00f3n de servicio (suspensi\u00f3n del Sistema Operativo host) por medio de una alta tasa de eventos en dom0, tambi\u00e9n se conoce como CID-e99502f76271\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":4.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.12\",\"versionEndExcluding\":\"4.4.244\",\"matchCriteriaId\":\"AA719A92-2855-4DD0-976B-DB325D5680A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.5.0\",\"versionEndExcluding\":\"4.9.244\",\"matchCriteriaId\":\"333BA70D-20AE-4FD7-8840-343E56367F4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.10.0\",\"versionEndExcluding\":\"4.14.207\",\"matchCriteriaId\":\"4E7EC529-740E-4ED5-9EFC-F1FAEE029AC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15.0\",\"versionEndExcluding\":\"4.19.155\",\"matchCriteriaId\":\"1F25E0DA-3383-48F8-AF11-8C4230EEE095\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20.0\",\"versionEndExcluding\":\"5.4.75\",\"matchCriteriaId\":\"B9EA48BB-631D-425C-9B81-7F3A3D421089\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5.0\",\"versionEndExcluding\":\"5.9.5\",\"matchCriteriaId\":\"9F0FC208-5B80-4CCA-A8FB-CD9D86D5F4BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.10:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DD7EB1D-064C-4DB9-AD34-D8EF78312C17\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.14.0\",\"matchCriteriaId\":\"2D769F4A-98C6-4544-AC04-3D8600C17BBB\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/01/19/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e99502f76271d6bc4e374fe368c50c67a1fd3070\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/torvalds/linux/commit/e99502f76271d6bc4e374fe368c50c67a1fd3070\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202011-06\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xen.org/xsa/advisory-332.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/01/19/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e99502f76271d6bc4e374fe368c50c67a1fd3070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/torvalds/linux/commit/e99502f76271d6bc4e374fe368c50c67a1fd3070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202011-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xen.org/xsa/advisory-332.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.