PT-2020-4727 · Linux+5 · Linux Kernel+5

Julien Grall · Published 2020-10-20 · Updated 2023-08-22 · CVE-2020-27673

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions up to 5.9.1; Xen versions up to 4.14.x
Description: An issue in the Linux kernel allows guest OS users to cause a denial of service, resulting in a host OS hang, by sending a high rate of events to dom0. This issue is related to uncontrolled resource consumption, which can be exploited by an attacker to cause a service disruption.
Recommendations: For Linux kernel versions up to 5.9.1, consider applying configuration changes to limit the rate of events to dom0 as a temporary workaround. For Xen versions up to 4.14.x, restrict access to dom0 to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion


Weakness Enumeration

Related Identifiers

BDU:2020-05279
CVE-2020-27673
DLA-2483-1
DLA-2494-1
MGASA-2021-0030
MGASA-2021-0031
OPENSUSE-SU-2020:1783-1
OPENSUSE-SU-2020:1844-1
OPENSUSE-SU-2020_1783-1
OPENSUSE-SU-2020_1844-1
OPENSUSE-SU-2021:1975-1
OPENSUSE-SU-2021:1977-1
OPENSUSE-SU-2021_1975-1
OPENSUSE-SU-2021_1977-1
SUSE-SU-2020:3049-1
SUSE-SU-2020:3050-1
SUSE-SU-2020:3051-1
SUSE-SU-2020:3052-1
SUSE-SU-2020:3088-1
SUSE-SU-2020:3272-1
SUSE-SU-2020:3281-1
SUSE-SU-2020:3491-1
SUSE-SU-2020:3532-1
SUSE-SU-2020:3544-1
SUSE-SU-2021:0437-1
SUSE-SU-2021:1176-1
SUSE-SU-2021:1573-1
SUSE-SU-2021:1596-1
SUSE-SU-2021:1623-1
SUSE-SU-2021:1624-1
SUSE-SU-2021:1975-1
SUSE-SU-2021:1977-1
USN-4751-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu
Xen