PT-2020-16760 · Xen+1 · Xen+1

Jan Beulich

·

Published

2020-10-22

·

Updated

2024-06-15

·

CVE-2020-27671

CVSS v3.1

7.8

High

VectorAV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Xen versions through 4.14.x
Description An issue in Xen allows x86 HVM and PVH guest OS users to cause a denial of service, including data corruption, cause a data leak, or possibly gain privileges. This is due to the mishandling of coalescing of per-page IOMMU TLB flushes.
Recommendations For Xen versions through 4.14.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2020-27671
DSA-4804-1
OPENSUSE-SU-2020:1783-1
OPENSUSE-SU-2020:1844-1
OPENSUSE-SU-2020:2162-1
OPENSUSE-SU-2020:2192-1
OPENSUSE-SU-2020_1783-1
OPENSUSE-SU-2020_1844-1
OPENSUSE-SU-2020_2162-1
OPENSUSE-SU-2020_2192-1
OPENSUSE-SU-2024:11520-1
SUSE-SU-2020:14557-1
SUSE-SU-2020:3049-1
SUSE-SU-2020:3050-1
SUSE-SU-2020:3051-1
SUSE-SU-2020:3052-1
SUSE-SU-2020:3088-1
SUSE-SU-2020:3611-1
SUSE-SU-2020:3615-1
SUSE-SU-2020:3627-1
SUSE-SU-2020:3631-1
SUSE-SU-2020:3653-1
SUSE-SU-2020:3742-1
SUSE-SU-2020_14557-1

Affected Products

Suse
Xen