Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-27670 (GCVE-0-2020-27670)
Vulnerability from cvelistv5 – Published: 2020-10-22 20:34 – Updated: 2024-08-04 16:18
VLAI?
EPSS
Summary
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://xenbits.xen.org/xsa/advisory-347.html | x_refsource_CONFIRM |
| https://xenbits.xen.org/xsa/advisory-347.html | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/202011-06 | vendor-advisoryx_refsource_GENTOO |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.debian.org/security/2020/dsa-4804 | vendor-advisoryx_refsource_DEBIAN |
| http://www.openwall.com/lists/oss-security/2021/01/19/9 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-347.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://xenbits.xen.org/xsa/advisory-347.html"
},
{
"name": "openSUSE-SU-2020:1783",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html"
},
{
"name": "openSUSE-SU-2020:1844",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html"
},
{
"name": "GLSA-202011-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202011-06"
},
{
"name": "FEDORA-2020-6dd36a716c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2/"
},
{
"name": "DSA-4804",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4804"
},
{
"name": "[oss-security] 20210119 Xen Security Advisory 347 v3 (CVE-2020-27670) - unsafe AMD IOMMU page table updates",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/19/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-19T19:06:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-347.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://xenbits.xen.org/xsa/advisory-347.html"
},
{
"name": "openSUSE-SU-2020:1783",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html"
},
{
"name": "openSUSE-SU-2020:1844",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html"
},
{
"name": "GLSA-202011-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202011-06"
},
{
"name": "FEDORA-2020-6dd36a716c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2/"
},
{
"name": "DSA-4804",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4804"
},
{
"name": "[oss-security] 20210119 Xen Security Advisory 347 v3 (CVE-2020-27670) - unsafe AMD IOMMU page table updates",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/19/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-347.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-347.html"
},
{
"name": "https://xenbits.xen.org/xsa/advisory-347.html",
"refsource": "MISC",
"url": "https://xenbits.xen.org/xsa/advisory-347.html"
},
{
"name": "openSUSE-SU-2020:1783",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html"
},
{
"name": "openSUSE-SU-2020:1844",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html"
},
{
"name": "GLSA-202011-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202011-06"
},
{
"name": "FEDORA-2020-6dd36a716c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2/"
},
{
"name": "DSA-4804",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4804"
},
{
"name": "[oss-security] 20210119 Xen Security Advisory 347 v3 (CVE-2020-27670) - unsafe AMD IOMMU page table updates",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/19/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27670",
"datePublished": "2020-10-22T20:34:22.000Z",
"dateReserved": "2020-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:18:45.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-27670",
"date": "2026-05-20",
"epss": "0.00044",
"percentile": "0.13536"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*\", \"versionEndIncluding\": \"4.14.0\", \"matchCriteriaId\": \"5BCCA6BA-E5A5-4C9E-828A-790663E0A79D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios del Sistema Operativo invitado x86 causar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de datos), causar una filtraci\\u00f3n de datos o posiblemente alcanzar privilegios porque una entrada de la tabla de p\\u00e1ginas IOMMU de AMD puede ser actualizada a medias\"}]",
"id": "CVE-2020-27670",
"lastModified": "2024-11-21T05:21:37.887",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.1, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-10-22T21:15:13.827",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/01/19/9\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-347.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202011-06\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4804\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-347.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/01/19/9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-347.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202011-06\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4804\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-347.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-345\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-27670\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-10-22T21:15:13.827\",\"lastModified\":\"2024-11-21T05:21:37.887\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios del Sistema Operativo invitado x86 causar una denegaci\u00f3n de servicio (corrupci\u00f3n de datos), causar una filtraci\u00f3n de datos o posiblemente alcanzar privilegios porque una entrada de la tabla de p\u00e1ginas IOMMU de AMD puede ser actualizada a medias\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.1,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*\",\"versionEndIncluding\":\"4.14.0\",\"matchCriteriaId\":\"5BCCA6BA-E5A5-4C9E-828A-790663E0A79D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B009C22E-30A4-4288-BCF6-C3E81DEAF45A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/01/19/9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-347.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202011-06\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4804\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xen.org/xsa/advisory-347.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/01/19/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-347.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202011-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4804\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xen.org/xsa/advisory-347.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2020-AVI-693
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Citrix. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Citrix | Citrix Hypervisor | Citrix Hypervisor 8.2 LTSR sans le dernier correctif | ||
| Citrix | XenServer | Citrix XenServer 7.0 sans le dernier correctif | ||
| Citrix | Citrix Hypervisor | Citrix Hypervisor 8.1 sans le dernier correctif | ||
| Citrix | XenServer | Citrix XenServer 7.1 LTSR CU2 sans le dernier correctif |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Citrix Hypervisor 8.2 LTSR sans le dernier correctif",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix XenServer 7.0 sans le dernier correctif",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor 8.1 sans le dernier correctif",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix XenServer 7.1 LTSR CU2 sans le dernier correctif",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-27672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27672"
},
{
"name": "CVE-2020-27674",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27674"
},
{
"name": "CVE-2020-27671",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27671"
},
{
"name": "CVE-2020-27670",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27670"
},
{
"name": "CVE-2020-27675",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27675"
},
{
"name": "CVE-2020-27673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27673"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-693",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nCitrix. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX284874 du 27 octobre 2020",
"url": "https://support.citrix.com/article/CTX284874"
}
]
}
CERTFR-2020-AVI-693
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Citrix. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Citrix | Citrix Hypervisor | Citrix Hypervisor 8.2 LTSR sans le dernier correctif | ||
| Citrix | XenServer | Citrix XenServer 7.0 sans le dernier correctif | ||
| Citrix | Citrix Hypervisor | Citrix Hypervisor 8.1 sans le dernier correctif | ||
| Citrix | XenServer | Citrix XenServer 7.1 LTSR CU2 sans le dernier correctif |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Citrix Hypervisor 8.2 LTSR sans le dernier correctif",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix XenServer 7.0 sans le dernier correctif",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor 8.1 sans le dernier correctif",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix XenServer 7.1 LTSR CU2 sans le dernier correctif",
"product": {
"name": "XenServer",
"vendor": {
"name": "Citrix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-27672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27672"
},
{
"name": "CVE-2020-27674",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27674"
},
{
"name": "CVE-2020-27671",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27671"
},
{
"name": "CVE-2020-27670",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27670"
},
{
"name": "CVE-2020-27675",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27675"
},
{
"name": "CVE-2020-27673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27673"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-693",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nCitrix. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX284874 du 27 octobre 2020",
"url": "https://support.citrix.com/article/CTX284874"
}
]
}
CNVD-2020-61022
Vulnerability from cnvd - Published: 2020-11-07
VLAI Severity ?
Title
Xen数据伪造问题漏洞
Description
Xen是英国剑桥大学的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上,并支持在运行时进行迁移,保证正常运行并且避免宕机。
Xen 4.14.x 系列版本及之前版本存在安全漏洞,该漏洞使x86 guest虚拟机OS用户可以拒绝服务,导致数据泄漏或可能获得特权。目前没有详细的漏洞细节提供。
Severity
中
Patch Name
Xen数据伪造问题漏洞的补丁
Patch Description
Xen是英国剑桥大学的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上,并支持在运行时进行迁移,保证正常运行并且避免宕机。
Xen 4.14.x 系列版本及之前版本存在安全漏洞,该漏洞使x86 guest虚拟机OS用户可以拒绝服务,导致数据泄漏或可能获得特权。目前没有详细的漏洞细节提供。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://xenbits.xen.org/xsa/advisory-347.html
Reference
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html
Impacted products
| Name | Xen Xen <=4.14.* |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-27670",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-27670"
}
},
"description": "Xen\u662f\u82f1\u56fd\u5251\u6865\u5927\u5b66\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u865a\u62df\u673a\u76d1\u89c6\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u80fd\u591f\u4f7f\u4e0d\u540c\u548c\u4e0d\u517c\u5bb9\u7684\u64cd\u4f5c\u7cfb\u7edf\u8fd0\u884c\u5728\u540c\u4e00\u53f0\u8ba1\u7b97\u673a\u4e0a\uff0c\u5e76\u652f\u6301\u5728\u8fd0\u884c\u65f6\u8fdb\u884c\u8fc1\u79fb\uff0c\u4fdd\u8bc1\u6b63\u5e38\u8fd0\u884c\u5e76\u4e14\u907f\u514d\u5b95\u673a\u3002\n\nXen 4.14.x \u7cfb\u5217\u7248\u672c\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u4f7fx86 guest\u865a\u62df\u673aOS\u7528\u6237\u53ef\u4ee5\u62d2\u7edd\u670d\u52a1\uff0c\u5bfc\u81f4\u6570\u636e\u6cc4\u6f0f\u6216\u53ef\u80fd\u83b7\u5f97\u7279\u6743\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://xenbits.xen.org/xsa/advisory-347.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-61022",
"openTime": "2020-11-07",
"patchDescription": "Xen\u662f\u82f1\u56fd\u5251\u6865\u5927\u5b66\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u865a\u62df\u673a\u76d1\u89c6\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u80fd\u591f\u4f7f\u4e0d\u540c\u548c\u4e0d\u517c\u5bb9\u7684\u64cd\u4f5c\u7cfb\u7edf\u8fd0\u884c\u5728\u540c\u4e00\u53f0\u8ba1\u7b97\u673a\u4e0a\uff0c\u5e76\u652f\u6301\u5728\u8fd0\u884c\u65f6\u8fdb\u884c\u8fc1\u79fb\uff0c\u4fdd\u8bc1\u6b63\u5e38\u8fd0\u884c\u5e76\u4e14\u907f\u514d\u5b95\u673a\u3002\r\n\r\nXen 4.14.x \u7cfb\u5217\u7248\u672c\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u4f7fx86 guest\u865a\u62df\u673aOS\u7528\u6237\u53ef\u4ee5\u62d2\u7edd\u670d\u52a1\uff0c\u5bfc\u81f4\u6570\u636e\u6cc4\u6f0f\u6216\u53ef\u80fd\u83b7\u5f97\u7279\u6743\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Xen\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Xen Xen \u003c=4.14.*"
},
"referenceLink": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html",
"serverity": "\u4e2d",
"submitTime": "2020-11-04",
"title": "Xen\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e"
}
FKIE_CVE-2020-27670
Vulnerability from fkie_nvd - Published: 2020-10-22 21:15 - Updated: 2024-11-21 05:21
Severity ?
Summary
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xen | xen | * | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 | |
| fedoraproject | fedora | 31 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "5BCCA6BA-E5A5-4C9E-828A-790663E0A79D",
"versionEndIncluding": "4.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Xen versiones hasta 4.14.x, permitiendo a usuarios del Sistema Operativo invitado x86 causar una denegaci\u00f3n de servicio (corrupci\u00f3n de datos), causar una filtraci\u00f3n de datos o posiblemente alcanzar privilegios porque una entrada de la tabla de p\u00e1ginas IOMMU de AMD puede ser actualizada a medias"
}
],
"id": "CVE-2020-27670",
"lastModified": "2024-11-21T05:21:37.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-22T21:15:13.827",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/19/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-347.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202011-06"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4804"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://xenbits.xen.org/xsa/advisory-347.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/19/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-347.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202011-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://xenbits.xen.org/xsa/advisory-347.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-5MQQ-GCV3-GMVF
Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2022-10-07 18:15
VLAI?
Details
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2020-27670"
],
"database_specific": {
"cwe_ids": [
"CWE-345"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-22T21:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.",
"id": "GHSA-5mqq-gcv3-gmvf",
"modified": "2022-10-07T18:15:45Z",
"published": "2022-05-24T17:32:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27670"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202011-06"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4804"
},
{
"type": "WEB",
"url": "https://xenbits.xen.org/xsa/advisory-347.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/01/19/9"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-347.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2020-27670
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-27670",
"description": "An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.",
"id": "GSD-2020-27670",
"references": [
"https://www.suse.com/security/cve/CVE-2020-27670.html",
"https://www.debian.org/security/2020/dsa-4804"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-27670"
],
"details": "An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.",
"id": "GSD-2020-27670",
"modified": "2023-12-13T01:22:11.372628Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-347.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-347.html"
},
{
"name": "https://xenbits.xen.org/xsa/advisory-347.html",
"refsource": "MISC",
"url": "https://xenbits.xen.org/xsa/advisory-347.html"
},
{
"name": "openSUSE-SU-2020:1783",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html"
},
{
"name": "openSUSE-SU-2020:1844",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html"
},
{
"name": "GLSA-202011-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202011-06"
},
{
"name": "FEDORA-2020-6dd36a716c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2/"
},
{
"name": "DSA-4804",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4804"
},
{
"name": "[oss-security] 20210119 Xen Security Advisory 347 v3 (CVE-2020-27670) - unsafe AMD IOMMU page table updates",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/19/9"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
"cpe_name": [],
"versionEndIncluding": "4.14.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27670"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xen.org/xsa/advisory-347.html",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://xenbits.xen.org/xsa/advisory-347.html"
},
{
"name": "openSUSE-SU-2020:1783",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00075.html"
},
{
"name": "openSUSE-SU-2020:1844",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00025.html"
},
{
"name": "GLSA-202011-06",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202011-06"
},
{
"name": "FEDORA-2020-6dd36a716c",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XIK57QJOVOPWH6RFRNMGOBCROBCKMDG2/"
},
{
"name": "DSA-4804",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4804"
},
{
"name": "[oss-security] 20210119 Xen Security Advisory 347 v3 (CVE-2020-27670) - unsafe AMD IOMMU page table updates",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/19/9"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-347.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-347.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0
}
},
"lastModifiedDate": "2022-10-07T15:24Z",
"publishedDate": "2020-10-22T21:15Z"
}
}
}
OPENSUSE-SU-2020:1783-1
Vulnerability from csaf_opensuse - Published: 2020-10-30 23:23 - Updated: 2020-10-30 23:23Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286)
- bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345)
- bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346)
- bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patchnames: openSUSE-2020-1783
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:xen-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:xen-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:xen-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:xen-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286)\n- bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345)\n- bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346)\n- bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1783",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1783-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1783-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QALKR2UERMILIDYYTVQWAI5UURBP4QPO/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1783-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QALKR2UERMILIDYYTVQWAI5UURBP4QPO/"
},
{
"category": "self",
"summary": "SUSE Bug 1177409",
"url": "https://bugzilla.suse.com/1177409"
},
{
"category": "self",
"summary": "SUSE Bug 1177412",
"url": "https://bugzilla.suse.com/1177412"
},
{
"category": "self",
"summary": "SUSE Bug 1177413",
"url": "https://bugzilla.suse.com/1177413"
},
{
"category": "self",
"summary": "SUSE Bug 1177414",
"url": "https://bugzilla.suse.com/1177414"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27670 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27671 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27672 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27673 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27673/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2020-10-30T23:23:28Z",
"generator": {
"date": "2020-10-30T23:23:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1783-1",
"initial_release_date": "2020-10-30T23:23:28Z",
"revision_history": [
{
"date": "2020-10-30T23:23:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.13.1_10-lp152.2.12.1.i586",
"product": {
"name": "xen-devel-4.13.1_10-lp152.2.12.1.i586",
"product_id": "xen-devel-4.13.1_10-lp152.2.12.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.13.1_10-lp152.2.12.1.i586",
"product": {
"name": "xen-libs-4.13.1_10-lp152.2.12.1.i586",
"product_id": "xen-libs-4.13.1_10-lp152.2.12.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.13.1_10-lp152.2.12.1.i586",
"product": {
"name": "xen-tools-domU-4.13.1_10-lp152.2.12.1.i586",
"product_id": "xen-tools-domU-4.13.1_10-lp152.2.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch",
"product_id": "xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.13.1_10-lp152.2.12.1.x86_64",
"product": {
"name": "xen-4.13.1_10-lp152.2.12.1.x86_64",
"product_id": "xen-4.13.1_10-lp152.2.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.13.1_10-lp152.2.12.1.x86_64",
"product": {
"name": "xen-devel-4.13.1_10-lp152.2.12.1.x86_64",
"product_id": "xen-devel-4.13.1_10-lp152.2.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64",
"product": {
"name": "xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64",
"product_id": "xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.13.1_10-lp152.2.12.1.x86_64",
"product": {
"name": "xen-libs-4.13.1_10-lp152.2.12.1.x86_64",
"product_id": "xen-libs-4.13.1_10-lp152.2.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64",
"product_id": "xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.13.1_10-lp152.2.12.1.x86_64",
"product": {
"name": "xen-tools-4.13.1_10-lp152.2.12.1.x86_64",
"product_id": "xen-tools-4.13.1_10-lp152.2.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64",
"product": {
"name": "xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64",
"product_id": "xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.13.1_10-lp152.2.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-4.13.1_10-lp152.2.12.1.x86_64"
},
"product_reference": "xen-4.13.1_10-lp152.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.13.1_10-lp152.2.12.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.i586"
},
"product_reference": "xen-devel-4.13.1_10-lp152.2.12.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.13.1_10-lp152.2.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.x86_64"
},
"product_reference": "xen-devel-4.13.1_10-lp152.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64"
},
"product_reference": "xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.13.1_10-lp152.2.12.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.i586"
},
"product_reference": "xen-libs-4.13.1_10-lp152.2.12.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.13.1_10-lp152.2.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.x86_64"
},
"product_reference": "xen-libs-4.13.1_10-lp152.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.13.1_10-lp152.2.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-tools-4.13.1_10-lp152.2.12.1.x86_64"
},
"product_reference": "xen-tools-4.13.1_10-lp152.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.13.1_10-lp152.2.12.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.i586"
},
"product_reference": "xen-tools-domU-4.13.1_10-lp152.2.12.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64"
},
"product_reference": "xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-27670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27670"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:xen-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27670",
"url": "https://www.suse.com/security/cve/CVE-2020-27670"
},
{
"category": "external",
"summary": "SUSE Bug 1177414 for CVE-2020-27670",
"url": "https://bugzilla.suse.com/1177414"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-27670",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1183925 for CVE-2020-27670",
"url": "https://bugzilla.suse.com/1183925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:xen-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:xen-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-30T23:23:28Z",
"details": "important"
}
],
"title": "CVE-2020-27670"
},
{
"cve": "CVE-2020-27671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27671"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:xen-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27671",
"url": "https://www.suse.com/security/cve/CVE-2020-27671"
},
{
"category": "external",
"summary": "SUSE Bug 1177413 for CVE-2020-27671",
"url": "https://bugzilla.suse.com/1177413"
},
{
"category": "external",
"summary": "SUSE Bug 1183925 for CVE-2020-27671",
"url": "https://bugzilla.suse.com/1183925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:xen-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:xen-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-30T23:23:28Z",
"details": "important"
}
],
"title": "CVE-2020-27671"
},
{
"cve": "CVE-2020-27672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27672"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:xen-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27672",
"url": "https://www.suse.com/security/cve/CVE-2020-27672"
},
{
"category": "external",
"summary": "SUSE Bug 1177412 for CVE-2020-27672",
"url": "https://bugzilla.suse.com/1177412"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-27672",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1183925 for CVE-2020-27672",
"url": "https://bugzilla.suse.com/1183925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:xen-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:xen-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-30T23:23:28Z",
"details": "important"
}
],
"title": "CVE-2020-27672"
},
{
"cve": "CVE-2020-27673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27673"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:xen-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27673",
"url": "https://www.suse.com/security/cve/CVE-2020-27673"
},
{
"category": "external",
"summary": "SUSE Bug 1177411 for CVE-2020-27673",
"url": "https://bugzilla.suse.com/1177411"
},
{
"category": "external",
"summary": "SUSE Bug 1184583 for CVE-2020-27673",
"url": "https://bugzilla.suse.com/1184583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:xen-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:xen-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.1_10-lp152.2.12.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.1_10-lp152.2.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-30T23:23:28Z",
"details": "moderate"
}
],
"title": "CVE-2020-27673"
}
]
}
OPENSUSE-SU-2020:1844-1
Vulnerability from csaf_opensuse - Published: 2020-11-05 19:26 - Updated: 2020-11-05 19:26Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286)
- bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345)
- bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346)
- bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patchnames: openSUSE-2020-1844
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- bsc#1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286)\n- bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345)\n- bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346)\n- bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1844",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1844-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1844-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZIOT3M77DFFZF3ASHBBUCOOBBI7UR6WR/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1844-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZIOT3M77DFFZF3ASHBBUCOOBBI7UR6WR/"
},
{
"category": "self",
"summary": "SUSE Bug 1177409",
"url": "https://bugzilla.suse.com/1177409"
},
{
"category": "self",
"summary": "SUSE Bug 1177412",
"url": "https://bugzilla.suse.com/1177412"
},
{
"category": "self",
"summary": "SUSE Bug 1177413",
"url": "https://bugzilla.suse.com/1177413"
},
{
"category": "self",
"summary": "SUSE Bug 1177414",
"url": "https://bugzilla.suse.com/1177414"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27670 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27671 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27672 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27673 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27673/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2020-11-05T19:26:09Z",
"generator": {
"date": "2020-11-05T19:26:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1844-1",
"initial_release_date": "2020-11-05T19:26:09Z",
"revision_history": [
{
"date": "2020-11-05T19:26:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.12.3_10-lp151.2.27.1.i586",
"product": {
"name": "xen-devel-4.12.3_10-lp151.2.27.1.i586",
"product_id": "xen-devel-4.12.3_10-lp151.2.27.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.3_10-lp151.2.27.1.i586",
"product": {
"name": "xen-libs-4.12.3_10-lp151.2.27.1.i586",
"product_id": "xen-libs-4.12.3_10-lp151.2.27.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.3_10-lp151.2.27.1.i586",
"product": {
"name": "xen-tools-domU-4.12.3_10-lp151.2.27.1.i586",
"product_id": "xen-tools-domU-4.12.3_10-lp151.2.27.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.3_10-lp151.2.27.1.x86_64",
"product": {
"name": "xen-4.12.3_10-lp151.2.27.1.x86_64",
"product_id": "xen-4.12.3_10-lp151.2.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.3_10-lp151.2.27.1.x86_64",
"product": {
"name": "xen-devel-4.12.3_10-lp151.2.27.1.x86_64",
"product_id": "xen-devel-4.12.3_10-lp151.2.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64",
"product": {
"name": "xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64",
"product_id": "xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.3_10-lp151.2.27.1.x86_64",
"product": {
"name": "xen-libs-4.12.3_10-lp151.2.27.1.x86_64",
"product_id": "xen-libs-4.12.3_10-lp151.2.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64",
"product_id": "xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.3_10-lp151.2.27.1.x86_64",
"product": {
"name": "xen-tools-4.12.3_10-lp151.2.27.1.x86_64",
"product_id": "xen-tools-4.12.3_10-lp151.2.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64",
"product": {
"name": "xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64",
"product_id": "xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.3_10-lp151.2.27.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-4.12.3_10-lp151.2.27.1.x86_64"
},
"product_reference": "xen-4.12.3_10-lp151.2.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.3_10-lp151.2.27.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.i586"
},
"product_reference": "xen-devel-4.12.3_10-lp151.2.27.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.3_10-lp151.2.27.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.x86_64"
},
"product_reference": "xen-devel-4.12.3_10-lp151.2.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64"
},
"product_reference": "xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.3_10-lp151.2.27.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.i586"
},
"product_reference": "xen-libs-4.12.3_10-lp151.2.27.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.3_10-lp151.2.27.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.x86_64"
},
"product_reference": "xen-libs-4.12.3_10-lp151.2.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.3_10-lp151.2.27.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-4.12.3_10-lp151.2.27.1.x86_64"
},
"product_reference": "xen-tools-4.12.3_10-lp151.2.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.3_10-lp151.2.27.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.i586"
},
"product_reference": "xen-tools-domU-4.12.3_10-lp151.2.27.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-27670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27670"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27670",
"url": "https://www.suse.com/security/cve/CVE-2020-27670"
},
{
"category": "external",
"summary": "SUSE Bug 1177414 for CVE-2020-27670",
"url": "https://bugzilla.suse.com/1177414"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-27670",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1183925 for CVE-2020-27670",
"url": "https://bugzilla.suse.com/1183925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-05T19:26:09Z",
"details": "important"
}
],
"title": "CVE-2020-27670"
},
{
"cve": "CVE-2020-27671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27671"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27671",
"url": "https://www.suse.com/security/cve/CVE-2020-27671"
},
{
"category": "external",
"summary": "SUSE Bug 1177413 for CVE-2020-27671",
"url": "https://bugzilla.suse.com/1177413"
},
{
"category": "external",
"summary": "SUSE Bug 1183925 for CVE-2020-27671",
"url": "https://bugzilla.suse.com/1183925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-05T19:26:09Z",
"details": "important"
}
],
"title": "CVE-2020-27671"
},
{
"cve": "CVE-2020-27672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27672"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27672",
"url": "https://www.suse.com/security/cve/CVE-2020-27672"
},
{
"category": "external",
"summary": "SUSE Bug 1177412 for CVE-2020-27672",
"url": "https://bugzilla.suse.com/1177412"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-27672",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1183925 for CVE-2020-27672",
"url": "https://bugzilla.suse.com/1183925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-05T19:26:09Z",
"details": "important"
}
],
"title": "CVE-2020-27672"
},
{
"cve": "CVE-2020-27673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27673"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27673",
"url": "https://www.suse.com/security/cve/CVE-2020-27673"
},
{
"category": "external",
"summary": "SUSE Bug 1177411 for CVE-2020-27673",
"url": "https://bugzilla.suse.com/1177411"
},
{
"category": "external",
"summary": "SUSE Bug 1184583 for CVE-2020-27673",
"url": "https://bugzilla.suse.com/1184583"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.3_10-lp151.2.27.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.3_10-lp151.2.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-05T19:26:09Z",
"details": "moderate"
}
],
"title": "CVE-2020-27673"
}
]
}
OPENSUSE-SU-2020:2162-1
Vulnerability from csaf_opensuse - Published: 2020-12-04 22:35 - Updated: 2020-12-04 22:35Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patchnames: openSUSE-2020-2162
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) \n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-2162",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2162-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:2162-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4FGJHRZRKWQ2TYU34S47P4GNDICF6RCY/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:2162-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4FGJHRZRKWQ2TYU34S47P4GNDICF6RCY/"
},
{
"category": "self",
"summary": "SUSE Bug 1177409",
"url": "https://bugzilla.suse.com/1177409"
},
{
"category": "self",
"summary": "SUSE Bug 1177412",
"url": "https://bugzilla.suse.com/1177412"
},
{
"category": "self",
"summary": "SUSE Bug 1177413",
"url": "https://bugzilla.suse.com/1177413"
},
{
"category": "self",
"summary": "SUSE Bug 1177414",
"url": "https://bugzilla.suse.com/1177414"
},
{
"category": "self",
"summary": "SUSE Bug 1178591",
"url": "https://bugzilla.suse.com/1178591"
},
{
"category": "self",
"summary": "SUSE Bug 1178963",
"url": "https://bugzilla.suse.com/1178963"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27670 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27671 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27672 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27674 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28368 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28368/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2020-12-04T22:35:07Z",
"generator": {
"date": "2020-12-04T22:35:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:2162-1",
"initial_release_date": "2020-12-04T22:35:07Z",
"revision_history": [
{
"date": "2020-12-04T22:35:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.13.2_04-lp152.2.18.1.i586",
"product": {
"name": "xen-devel-4.13.2_04-lp152.2.18.1.i586",
"product_id": "xen-devel-4.13.2_04-lp152.2.18.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.13.2_04-lp152.2.18.1.i586",
"product": {
"name": "xen-libs-4.13.2_04-lp152.2.18.1.i586",
"product_id": "xen-libs-4.13.2_04-lp152.2.18.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"product": {
"name": "xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"product_id": "xen-tools-domU-4.13.2_04-lp152.2.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch",
"product_id": "xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.13.2_04-lp152.2.18.1.x86_64",
"product": {
"name": "xen-4.13.2_04-lp152.2.18.1.x86_64",
"product_id": "xen-4.13.2_04-lp152.2.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"product": {
"name": "xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"product_id": "xen-devel-4.13.2_04-lp152.2.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"product": {
"name": "xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"product_id": "xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"product": {
"name": "xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"product_id": "xen-libs-4.13.2_04-lp152.2.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"product_id": "xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"product": {
"name": "xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"product_id": "xen-tools-4.13.2_04-lp152.2.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"product": {
"name": "xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"product_id": "xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.13.2_04-lp152.2.18.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64"
},
"product_reference": "xen-4.13.2_04-lp152.2.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.13.2_04-lp152.2.18.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586"
},
"product_reference": "xen-devel-4.13.2_04-lp152.2.18.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.13.2_04-lp152.2.18.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64"
},
"product_reference": "xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64"
},
"product_reference": "xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.13.2_04-lp152.2.18.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586"
},
"product_reference": "xen-libs-4.13.2_04-lp152.2.18.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.13.2_04-lp152.2.18.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64"
},
"product_reference": "xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.13.2_04-lp152.2.18.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64"
},
"product_reference": "xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.13.2_04-lp152.2.18.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586"
},
"product_reference": "xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64"
},
"product_reference": "xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-27670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27670"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27670",
"url": "https://www.suse.com/security/cve/CVE-2020-27670"
},
{
"category": "external",
"summary": "SUSE Bug 1177414 for CVE-2020-27670",
"url": "https://bugzilla.suse.com/1177414"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-27670",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1183925 for CVE-2020-27670",
"url": "https://bugzilla.suse.com/1183925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T22:35:07Z",
"details": "important"
}
],
"title": "CVE-2020-27670"
},
{
"cve": "CVE-2020-27671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27671"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27671",
"url": "https://www.suse.com/security/cve/CVE-2020-27671"
},
{
"category": "external",
"summary": "SUSE Bug 1177413 for CVE-2020-27671",
"url": "https://bugzilla.suse.com/1177413"
},
{
"category": "external",
"summary": "SUSE Bug 1183925 for CVE-2020-27671",
"url": "https://bugzilla.suse.com/1183925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T22:35:07Z",
"details": "important"
}
],
"title": "CVE-2020-27671"
},
{
"cve": "CVE-2020-27672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27672"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27672",
"url": "https://www.suse.com/security/cve/CVE-2020-27672"
},
{
"category": "external",
"summary": "SUSE Bug 1177412 for CVE-2020-27672",
"url": "https://bugzilla.suse.com/1177412"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-27672",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1183925 for CVE-2020-27672",
"url": "https://bugzilla.suse.com/1183925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T22:35:07Z",
"details": "important"
}
],
"title": "CVE-2020-27672"
},
{
"cve": "CVE-2020-27674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27674"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27674",
"url": "https://www.suse.com/security/cve/CVE-2020-27674"
},
{
"category": "external",
"summary": "SUSE Bug 1177409 for CVE-2020-27674",
"url": "https://bugzilla.suse.com/1177409"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-27674",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T22:35:07Z",
"details": "moderate"
}
],
"title": "CVE-2020-27674"
},
{
"cve": "CVE-2020-28368",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28368"
}
],
"notes": [
{
"category": "general",
"text": "Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a \"Platypus\" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28368",
"url": "https://www.suse.com/security/cve/CVE-2020-28368"
},
{
"category": "external",
"summary": "SUSE Bug 1178591 for CVE-2020-28368",
"url": "https://bugzilla.suse.com/1178591"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-28368",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:xen-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-devel-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-doc-html-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-32bit-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-libs-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.i586",
"openSUSE Leap 15.2:xen-tools-domU-4.13.2_04-lp152.2.18.1.x86_64",
"openSUSE Leap 15.2:xen-tools-xendomains-wait-disk-4.13.2_04-lp152.2.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-04T22:35:07Z",
"details": "moderate"
}
],
"title": "CVE-2020-28368"
}
]
}
OPENSUSE-SU-2020:2192-1
Vulnerability from csaf_opensuse - Published: 2020-12-07 11:06 - Updated: 2020-12-07 11:06Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patchnames: openSUSE-2020-2192
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) \n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-2192",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2192-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:2192-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5GBNU2YMLJN6R7ACNKZML4MG7X35FZTY/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:2192-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5GBNU2YMLJN6R7ACNKZML4MG7X35FZTY/"
},
{
"category": "self",
"summary": "SUSE Bug 1177409",
"url": "https://bugzilla.suse.com/1177409"
},
{
"category": "self",
"summary": "SUSE Bug 1177412",
"url": "https://bugzilla.suse.com/1177412"
},
{
"category": "self",
"summary": "SUSE Bug 1177413",
"url": "https://bugzilla.suse.com/1177413"
},
{
"category": "self",
"summary": "SUSE Bug 1177414",
"url": "https://bugzilla.suse.com/1177414"
},
{
"category": "self",
"summary": "SUSE Bug 1178591",
"url": "https://bugzilla.suse.com/1178591"
},
{
"category": "self",
"summary": "SUSE Bug 1178963",
"url": "https://bugzilla.suse.com/1178963"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27670 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27671 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27672 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27674 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28368 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28368/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2020-12-07T11:06:08Z",
"generator": {
"date": "2020-12-07T11:06:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:2192-1",
"initial_release_date": "2020-12-07T11:06:08Z",
"revision_history": [
{
"date": "2020-12-07T11:06:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.12.4_04-lp151.2.33.1.i586",
"product": {
"name": "xen-devel-4.12.4_04-lp151.2.33.1.i586",
"product_id": "xen-devel-4.12.4_04-lp151.2.33.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_04-lp151.2.33.1.i586",
"product": {
"name": "xen-libs-4.12.4_04-lp151.2.33.1.i586",
"product_id": "xen-libs-4.12.4_04-lp151.2.33.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"product": {
"name": "xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"product_id": "xen-tools-domU-4.12.4_04-lp151.2.33.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.4_04-lp151.2.33.1.x86_64",
"product": {
"name": "xen-4.12.4_04-lp151.2.33.1.x86_64",
"product_id": "xen-4.12.4_04-lp151.2.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"product": {
"name": "xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"product_id": "xen-devel-4.12.4_04-lp151.2.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"product": {
"name": "xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"product_id": "xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"product": {
"name": "xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"product_id": "xen-libs-4.12.4_04-lp151.2.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"product_id": "xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"product": {
"name": "xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"product_id": "xen-tools-4.12.4_04-lp151.2.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64",
"product": {
"name": "xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64",
"product_id": "xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.4_04-lp151.2.33.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64"
},
"product_reference": "xen-4.12.4_04-lp151.2.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_04-lp151.2.33.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586"
},
"product_reference": "xen-devel-4.12.4_04-lp151.2.33.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.4_04-lp151.2.33.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64"
},
"product_reference": "xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64"
},
"product_reference": "xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_04-lp151.2.33.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586"
},
"product_reference": "xen-libs-4.12.4_04-lp151.2.33.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.4_04-lp151.2.33.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64"
},
"product_reference": "xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.4_04-lp151.2.33.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64"
},
"product_reference": "xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_04-lp151.2.33.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586"
},
"product_reference": "xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-27670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27670"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27670",
"url": "https://www.suse.com/security/cve/CVE-2020-27670"
},
{
"category": "external",
"summary": "SUSE Bug 1177414 for CVE-2020-27670",
"url": "https://bugzilla.suse.com/1177414"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-27670",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1183925 for CVE-2020-27670",
"url": "https://bugzilla.suse.com/1183925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:08Z",
"details": "important"
}
],
"title": "CVE-2020-27670"
},
{
"cve": "CVE-2020-27671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27671"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27671",
"url": "https://www.suse.com/security/cve/CVE-2020-27671"
},
{
"category": "external",
"summary": "SUSE Bug 1177413 for CVE-2020-27671",
"url": "https://bugzilla.suse.com/1177413"
},
{
"category": "external",
"summary": "SUSE Bug 1183925 for CVE-2020-27671",
"url": "https://bugzilla.suse.com/1183925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:08Z",
"details": "important"
}
],
"title": "CVE-2020-27671"
},
{
"cve": "CVE-2020-27672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27672"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27672",
"url": "https://www.suse.com/security/cve/CVE-2020-27672"
},
{
"category": "external",
"summary": "SUSE Bug 1177412 for CVE-2020-27672",
"url": "https://bugzilla.suse.com/1177412"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-27672",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1183925 for CVE-2020-27672",
"url": "https://bugzilla.suse.com/1183925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:08Z",
"details": "important"
}
],
"title": "CVE-2020-27672"
},
{
"cve": "CVE-2020-27674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27674"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27674",
"url": "https://www.suse.com/security/cve/CVE-2020-27674"
},
{
"category": "external",
"summary": "SUSE Bug 1177409 for CVE-2020-27674",
"url": "https://bugzilla.suse.com/1177409"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-27674",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:08Z",
"details": "moderate"
}
],
"title": "CVE-2020-27674"
},
{
"cve": "CVE-2020-28368",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28368"
}
],
"notes": [
{
"category": "general",
"text": "Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a \"Platypus\" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28368",
"url": "https://www.suse.com/security/cve/CVE-2020-28368"
},
{
"category": "external",
"summary": "SUSE Bug 1178591 for CVE-2020-28368",
"url": "https://bugzilla.suse.com/1178591"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-28368",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.4_04-lp151.2.33.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.4_04-lp151.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:08Z",
"details": "moderate"
}
],
"title": "CVE-2020-28368"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…